Running head the recovery phase of the disaster recovery cycle .docx

Running head: the recovery phase of the disaster recovery cycle
1
The recovery phase of the disaster recovery cycle 13
Disaster Recovery Planning, Prevention and Response
Name
Institution
Course
Date
A. Using the attached “After Action Report Survey Template,”
create an after action report (AAR) by doing the following:1.
Discuss the plans, procedures, or other documents that were in
place before the disaster.
Prevention Identify and minimize the risks posed by the
building, its equipment and fittings, and the natural hazards of
the area.
• Carry out a building inspection and alter factors which
constitute a potential hazard.
• Establish routine housekeeping and maintenance measures to
withstand disaster in buildings and surrounding areas.
• Install automatic fire detection and extinguishing systems, and

water-sensing alarms.
• Take special precautions during unusual periods of increased
risk, such as building renovation.
• Make special arrangements to ensure the safety of library or
archival material when exhibited.
• Provide security copies of vital records such as collection
inventories, and store these off-site.2. Summarize what
occurred during the response in the scenario.: (e.g., disaster
recovery plan, backup plans etc.) Include specific details about
the documents, including completeness.
When disaster strikes.
• Follow established emergency procedures for raising the
alarm, evacuating personnel and making the disaster site safe
• Contact the leader of the disaster response team to direct and
brief the trained salvage personnel
• When permission is given to re-enter the site, make a
preliminary assessment of the extent of the damage, and the
equipment, supplies and services required.
• Stabilize the environment to prevent the growth of mound.
A disaster such as,
Earthquakes are seismic events where enormous amounts of
energy are released, creating seismic waves. Earthquakes cause
the following:
• Shaking and ground rupture
• Landslides and avalanches
• Tsunamis
• Soil liquefaction
• Floods
• Fires
These effects can linger for some time after the earthquake is
over, hampering recovery efforts. Several months after the earth
rumblings that worried the IT and research departments, there
was an earthquake mirroring the 1905 event, registering 7.8 on
the Richter scale, and lasting approximately 30 seconds to 1
minute for the primary quake, with subsequent aftershocks of
varying strengths occurring for the next 96 hours. Floods and

fires persisted for weeks. The resulting damage can be
categorized as somewhere between severe and catastrophic. The
casualty count, for both the local community and the
organization was 50%, or approximately 50,000 deaths for the
city of Berkeley and 31 deaths for LPHG. One LPHG staff
member died as a result of contracting the H1Z1 virus in the
resulting earthquake aftermath. Casualty counts could continue
to increase as a result of the six effects listed above, or as a
result of the rampant spread of the highly contagious H1Z1
virus. Likewise, half of the infrastructure and buildings in the
area were also destroyed.
The disaster and subsequent casualties heavily affected the
organization and the surrounding community. LPHG’s research
and development of EFHG, and the planned release to market,
will have to be delayed during the recovery process. It is also
important to remember that the local community’s emergency
services were heavily strained during and immediately after the
disaster. Communication, transportation, and medical
emergency services will be stressed passed the breaking point
for approximately six to eight weeks, until the federal
government’s resources can be mobilized.3. Analyze the
strengths of the disaster response in the scenario by doing the
following
Discuss three strengths.
Strength 1: Strength details
■ Relationships with other agencies, associations, non-
governmental organizations (NGOs), governments and local
actors have been created or strengthened because of disaster
management.
Summary of strengths
The increased cooperation and coordination resulting from the
planning process is often invaluable in ensuring a timely,
efficient and effective response to emergencies, making optimal
use of all necessary resources. Furthermore, it can lead to

increased collaboration in disaster preparedness and mitigation
activities, thereby reducing potential losses in the event of a
disaster.
Contributing factors
Natural disasters cannot be prevented, but measures can be
taken to eliminate or reduce the possibility of trouble.
Regardless of the many forms a disaster may take, the actual
damage to collections is usually caused by fire or water.
Plan
Disaster response and contingency planning leads to
organizational readiness in anticipation of an emergency. This
includes management of human and financial resources,
availability of emergency supplies, and communications
procedures. Such planning can help mitigate the destructive
effects of a disaster by ensuring timely and effective provision
of humanitarian aid to those most in need.
Policies
Existence of skilled response teams
Quality of means of communication
Documents
■ Presence and quality of public infrastructure and shelters
■ Presence of and accessibility to evacuation routes in the event
of a disaster
Positive consequences
Helps in assessing collection needs in disaster situations
Ways to Improve
· Includes plans or preparations made to save lives and to help
response and rescue operations.
· Preparedness activities take place before an emergency occurs.
Strength 2
■ Potential difficulties have been anticipated and attempts have
been made to overcome problems.
Pre-trained technical specialists; standardized equipment;
readiness to be operational within 48 hours of deployment; the

ability to be fully self-contained for one month; and the
capacity to be deployed for up to four months.
Contributing Factors
Community leadership during and after disasters is supported to
promote improved disaster response and recovery.
Plans
Staff are trained and prepared to play a positive role in
preventing disasters
Policies
Development of short and long term response and recovery
actions
Documents
To assist staff with access to general disaster awareness
information
Positive Consequences
· A formal written plan enables an institution to respond
efficiently and quickly to an emergency, and to minimize
damage to the building and its contents.
· Response activities take place during an emergency.
Ways of Improve
It isimportant to alert the wider disaster management
community, especially if the scale of an emergency requires
external assistance. The rapidity and effectiveness of disaster
response will be enhanced if there is widespread awareness of
the seriousness of a situation, with timely updates, and if needs
are communicated directly from the affected area. Inputs
received from the field form the basis for information bulletins,
allocations from DREF and appeals to donors. Disaster
management resource framework (DMRF)
Strength 3
Relevant information has been gathered and analyzed.
Develop mechanisms for learning of remedial actions that are
needed

Councils establish and maintain agreements with each other to
provide assistance if required during an emergency event.
Plans
Keep together supplies and equipment required in a disaster and
maintain them
Policies
· Disaster planning is a matter of basic security for
organizations.
· It is therefore considered to be an essential part of any
preservation programme to be implemented by any kind of
organization.
Documents
· Monitoring disaster recovery
· Institutions decide priorities and assist with short term plans
for recovery and return of materials
Aiming at giving a proper advice and suggestions to help
disaster managers to produce disaster response and contingency
plans of high quality, relevance and usefulness.
Ways of Improve
Verify that the inspections are done as scheduled4. Analyze the
areas for improvement of the disaster response in the scenario
by doing the following:
a. Discuss three areas for improvement.
Areas for Improvement 1:
Determine priorities for restoration work and seek the advice of
a conservator as to the best methods and options, and obtain
cost estimates.
Areas of improvement details
Summary of Areas for improvement
Arrangements for funding emergency needs.
Disaster Coordination centre, and evacuation centre, hospitals
and alternative access routes are decentralised and equipped
with back-up systems

Plans
Training in disaster response techniques,
Policies
The preparedness of vulnerable communities to current and
future climatic risks is improved.
Documents
To ensure that appropriate equipment and materials are
available to deal with any likely emergency
Councils establish and maintain agreements with each other to
provide assistance if required during an emergency event.
Ways of Improve
Carry out a building inspection and alter factors which
constitute a potential hazard
Area for Improvement 2
Establish a programme to restore both the disaster site and the
damaged materials to a stable and usable condition.
On-going activities to reduce the risk of health, life, property,
and the environment from hazards. A long term approach to
looking at the fundamentals of emergency planning with the
goal of identifying and minimizing risks.
Revise emergency management plan as needed
Plans
Have a record of the list of names, addresses, and home
telephone numbers of personnel with emergency
responsibilities.
Policies
A capacity building and training program on emergency
management, climate change and urban and regional planning is

developed and implemented.
Documents
· Document recovery needs in a Business Recovery Plan
· Record damages and losses
To ensure adequate collections disaster preparedness, a disaster
response structure defining key personnel and groups has been
created.
Ways of Improve
· Apply for assistance as needed
· Revise emergency management plan as needed
Area for Improvement 3
Follow established emergency procedures for raising the alarm,
evacuating personnel and making the disaster site safe
Analyze the disaster and improve the plan in the light of
experience.
A series of programs will be introduced to improve the level of
preparedness of communities to climate change and new
climatic risks.
Plans
Establish a training schedule
Policies
Identify challenges and prioritize activities
Documents
Contact insurers.
Record of those cited goes on employers’ permanent record and
can be used in cases involving employees as evidence against
employers
Ways of Improve
· The key to surviving any disaster is to be prepared and to be
informed.
· Institute procedures to notify appropriate people of the

disaster and assemble them rapidly.
d. Recommend changes to the response plan (e.g., plans,
procedures, equipment, training, mutual aid support,
management, and leadership support) that could resolve the
causes of each of the three areas for improvement.
Everyone is called upon to be prepared for any type of disaster.
Contact and consult otherDisaster Coordinator and Preservation
Services Staff associations to share information and experience,
and with that view to regional cooperation. Additionally, take
advantage of educational sessions, particularly disaster planning
workshops and preparedness exercises. One can also seek expert
advice and help from the preservation offices and the Standing
Committee of the Section on Conservation of the IFLA, the
centres of the IFLA-PAC Programme, and the Technical
Committees of ICA and of the International Audiovisual
Archives Associations FIAF, FIAT, and IASA.
Cost Accounting (ACCT351)Discussion Board 2 (400-500
words)
Primary Task Response: Within the Discussion Board area,
write 500 words that respond to the following questions with
your thoughts, ideas, and comments. This will be the foundation
for future discussions by your classmates. Be substantive and
clear, and use examples to reinforce your ideas.
· Discuss the 2 pros and 2 cons of activity-based costing.
Give an example of a situation where activity-based costing
could be used effectively. Explain your reason.
Discussion Board 3 (400-500 words)
write 500 words that respond to the following questions with
your thoughts, ideas, and comments. This will be the foundation
for future discussions by your classmates. Be substantive and
clear, and use examples to reinforce your ideas.

· Discuss what absorption, variables, and throughput costing
are.
· Determine when each would be used.
Provide an explanation and example of all three.
Financial Management (FINC400)Individual Project 1 (500-800
words)
Library Research Assignment
Locate a publicly traded U.S. company of your choice. Then,
calculate the following ratios for the company for 2014 and
2015:
· Liquidity Ratios
Current ratio [current assets / current liabilities]
Quick ratio [(current assets – inventory) / current liabilities]
· Asset Turnover Ratios
Collection period [accounts receivable / average daily sales]
Inventory turnover [cost of goods sold / ending inventory]
Fixed asset turnover [sales / net fixed assets]
· Financial Leverage Ratios
Debt-to-asset ratio [total liabilities / total assets]
Debt-to-equity ratio [total liabilities / total stockholders’
equity]
Times-interest-earned (TIE) ratio [EBIT / interest]
· Profitability Ratios
Net profit margin [net income / sales]
Return on assets (ROA) [net income / total assets]
Return on equity (ROE) [net income / total stockholders’
equity]
· Market-Based Ratios
Price-to-earnings (P/E) ratio [stock price / earnings per share]
Price-to-book (P/B) ratio [market value of common stock / total
stockholders’ equity]
·
You are now ready to interpret the ratios that you have
calculated. If a ratio increased from 2014 to 2015, why do you
think that it increased? Is it a good or bad sign that the ratio
increased? Please explain.

If a ratio decreased from 2014 to 2015, why do you think that it
decreased? Is it a good or bad sign that the ratio decreased?
Please explain.
If a ratio was unchanged from 2014 to 2015, why do you think
that it was unchanged? Is it a good or bad sign that the ratio was
unchanged? Please explain.
Discussion Board 2 (400-600 words)
write 400–600 words that respond to the following questions
with your thoughts, ideas, and comments. This will be the
foundation for future discussions by your classmates. Be
substantive and clear, and use examples to reinforce your ideas.
The time value of money concept is one of the 3 major
principles of the study and practice of financial management. It
is used to evaluate potential investments, determine a rate of
return on a project, calculate the required payments on a loan or
annuity, and estimate a future value of funds currently invested
and the present value of funds to be received at some future
date. It is imperative that managers at all levels of business
have a working knowledge of this topic. In your first task, you
have been asked to engage your colleagues in a detailed and
documented discussion about the time value of money concept:
what it is, why it is important, how it is used, and generally,
how the applications to single and periodic payments are
computed using various calculation methods and formulas.
In your initial post, identify and recommend at least 1 credible
Web site that an investor can visit to find the current market
value of market indexes such as the Dow Industrial Averages,
and address at least 3 of the following:
· What is the discounted cash flow concept, and why is it
essential for financial managers to understand and employ this
important concept?
· What are the methods associated with evaluating single or
periodic payments, and what is at least 1 application of each?
· Discuss the different methods that can be used to calculate
these amounts, and explain how at least 1 of these models can

be used.
· How can the time value of money models or formulas be used
to determine the rate of return for an investment or the time it
will take for a current sum to grow to a desired future amount?
· Discuss the "Rule of 72" and how it can be used to estimate
how long it takes for money to double at various rates of return.
· Identify and recommend at least 1 credible Web site that an
investor can visit to find the current market value of market
indexes such as the Dow Industrial Averages.
Be sure to document your posts with in-text citations, credible
sources, and properly listed references.
Individual Project 3 (700-1000 words w/ attached excel
spreadsheet)
After engaging in a dialogue with your colleagues on valuation,
you will now be given an opportunity to apply principles that
were presented in this phase. Using a Web site that provides
current stock and bond pricing and yield information, complete
and analyze the tables illustrated below. Your mentor suggests
using a Web site similar to this one.
To fill out the first table, you will need to select 3 bonds with
maturities between 10 and 20 years with bond ratings of "A to
AAA," "B to BBB" and "C to CC" (you may want to use bond
screener at the Web site linked above). All of these bonds will
have these values (future values) of $1,000. You will need to
use a coupon rate of the bond times the face value to calculate
the annual coupon payment. You should subtract the maturity
date from the current year to determine the time to maturity.
The Web site should provide you with the yield to maturity and
the current quote for the bond. (Be sure to multiply the bond
quote by 10 to get the current market value.) You will then need
to indicate whether the bond is currently trading at a discount,
premium, or par.
Bond
Company/
Rating

Face Value (FV)
Coupon Rate
Annual Payment (PMT)
Time-to Maturity (NPER)
Yield-to-Maturity (RATE)
Market Value (Quote)
Discount, Premium, Par
A-Rated
$1,000
B-Rated
$1,000
C-Rated
$1,000
· Explain the relationship observed between ratings and yield to

maturity.
· Explain why the coupon rate and the yield to maturity
determine why the bonds would trade at a discount, premium, or
par.
· Based on the material you learn in this Phase, what would you
expect to happen to the yield to maturity and market value of
the bonds if the time to maturity was increased or decreased by
5 years?
In this step, you have been asked to visit a credible Web site
that provides detailed information on publicly traded stocks and
select 1 that has at least a 5-year history of paying dividends
and 2 of its closest competitors.
To fill up the first table, you will need to gather information
needed to calculate the required rate of return for each of the 3
stocks. You will need to calculate the risk-free rate for this
assignment. You will need the market return that was calculated
in Phase 2, and the beta that you should be able to find on the
Web site.
Company
5-year Risk-Free Rate of Return
Beta (β)
5-Year Return on Top 500 Stocks
Required Rate of Return (CAPM)

To complete the next table, you will need the most recent
dividends paid over the past year for each stock, expected
growth rate for the stocks, and the required rate of return you
calculated in the previous table. You will also need to compare
your results with the current value of each stock and determine
whether the model suggests that they are over- or underpriced.
Company
Current Dividend
Projected Growth Rate (next year)
Required Rate of Return (CAPM)
Estimated Stock Price (Gordon Model)
Current Stock Price
Over/Under Priced

In the third table, you will be using the price to earnings ratio
(P/E) along with the average expected earnings per share
provided by the Web site. You will also need to compare your
results with the current value of each stock to determine
whether or not the model suggests that the stocks are over- or
underpriced.
Company
Estimated Earning
(next year)
P/E Ratio
Estimated Stock Price (P/E)
Current Stock Price
Over/Under Priced
After completing the 3 tables, explain your findings and why

your calculations coincide with the principles related to bonds
that were presented in the Phase. Be sure to address the
following:
· Explain the relationship observed between the required rate of
return, growth rate and the dividend paid, and the estimated
value of the stock using the Gordon Model.
· Explain the value and weaknesses of the Gordon model.
· Explain the how the price-to-earnings model is used to
estimate the value of the stocks.
· Explain which of the 2 models seemed to be the most accurate
in estimating the value of the stocks.
Based on the material that you learn in this Phase, what would
you expect to happen to the value of the stock if the growth
rate, dividends, required rate of return, or the estimated
earnings per share were to increase or decrease? Be sure to
explain each case separately.
Individual Project 4 (700-1000 words with attached excel
spreadsheet)
Your next assignment as a financial management intern is to
apply the knowledge that you acquired while engaging in the
cost of capital discussion that you had with your colleagues. In
this task, you will be calculating the weighted cost of capital for
a firm using the book value of the components and the concepts
presented in this phase.
Using the most current annual financial statements from the
company you analyzed in Phase 1, determine the percentage of
the firm's assets that are currently be financed with debt (total
liabilities), preferred stock, and common stock (common
equity). It is very possible that your firm will have very little or
no preferred stock, so in this class, the percent would be "zero."
Your ratios should add up to 100%. You will also need to
calculate the firm’s average tax rate using the income tax
expense divided by the firm's income before taxes. Use the
following tables:
Company

Total Assets
Total Liabilities
Total Preferred Stock
Total Common Equity
Dollar Value
% of Assets
Company
Income before Tax
Income Tax Expense
Average Tax Rate (%)
The first component to determine is the cost of debt. You
mentor suggests using the Web site that you used in the
previous Phase to find the pretax yield-to-maturity of a bond
with at least 5 years left before maturity. Using the following
table, calculate the firm's after-tax cost of debt:
Yield to Maturity
1 - Average Tax Rate
After-tax Cost of Debt

Now you will need to calculate the cost of preferred stock. You
can use the following table:
Annual Dividend
Current Value of Preferred Stock
Cost of Preferred Stock (%)
To calculate the cost of common equity, you can use the CAPM
model. Using current stock data, the yield on the 5-year treasury
bond, and the return on the market calculated in Phase 2, you
can calculate the cost of common equity using the following
table:
5-year Treasury Bond Yield
(risk-free rate)
Stock's Beta
Return on the Top 500 Stocks (market return)
Cost of Common Equity
Now, you can use the cost and ratios from above to calculate the
firm's weighted average cost of capital (WACC) using the
following table:
After-Tax Cost of Debt
Cost of Preferred Stock
Cost of Common Equity

WACC
Unweighted Cost
Weight of Component
Weighted Cost of Component
· After completing the required calculations, explain your
results in a Word document, and attach the spreadsheet showing
your work. Be sure to explain the following:
How would you expect the weighted average cost of capital
(WACC) to differ if you had used market values of equity rather
than the book value of equity, and why?
What would you expect would happen to the cost of equity if
you had to raise it by selling new equity, and why?
If the after-tax cost of debt is always less expensive than equity,
why don't firms use more debt and less equity?
What are some of the advantages and disadvantages of raising
capital by using debt?
How would "floatation costs" impacted the WACC, and how
could they have been incorporated in the formula?
Describe the nature of the incident:

This is a man-made attack to the organization caused by the
employee through hacking the organizations system and gaining
unauthorized access to computers by sending messages with an
IP address indicating that the message is coming from a trusted
host (spoofing). The employee (attacker) manages to intercept
the messages sent to the employees by the auditor and crafts
fake messages from the individuals the original messages were
sent to (phishing).Identify who should be notified based on the
type and severity of the incident.
The Human Resource manager needs to be notified. This is
because the HR is responsible for all the activities and financial
pay raise for all the employees in the organization. More over
given that the employee hacked the human resource system; the
manager should be notified of the same to confirm the validity
of the changes in the employees’ payment reports.Outline how
the incident can be contained
Use of intrusion detection and prevention systems.
Intrusion is an attack on information asset in which the
instigator attempts to gain entry into a system or disrupt the
normal operation of the system with a intension to do harm or
gain access to restricted information. Therefore intrusion
detectors and preventers ofsystems detect an attempt on system
intrusion and deter the intrusion from occurring by triggering an
alert.
Use of Host Based intrusion detection systems which resides on
a particular computer or server and monitors the status of key
system files and detect when an intruder creates, modifies or
deletes monitored files. This works in the principle of
configuration and change in management which records the
size, location and attributes of system files. They trigger an
alert when a file attribute changes, a new file is created or the
existing file is deleted.
Use of firewalls:
This is a system designed to protect a private network from
things that come into and go out of the network. Their basic
protocol dictates that they must examine each piece of data that

lives and enters the network and if anything does not fit the
safety criteria it is blocked. Firewall uses a method of packet
filtering to examine the header information of data packets that
come into the network; packet filtering restricts information
based on the internet protocol (IP) source and destination
address.
Discuss how the factor that caused the incident could be
removed
The factor that caused the intrusion into the system is due to
lack of lack of authentication and encryption controls. This can
be removed by:
Incorporating access controls which are methods by which
systems determine whether and how to admit a user into a
trusted area of an organization; They include Mandatory Access
Control (MACs), Nondiscretionary controls and discretionary
access controls(DACs).
Use of identifications which is a mechanism whereby an
unverified entity that seeks access to a resource proposes a label
by which they are known to the system. They include
concatenating elements-department codes, random numbers or
special characters to make them unique.
Use of authentication which is aprocess of validating a
supplicant supported identity. Authentication seeks several
things from the supplicant for example; what the supplicant
knows like password and passphrase; something the supplicant
has like smart card, synchronous tokens or asynchronous
tokens; something a supplicant is which mostly relies on the
individual character.
Use of authorizations which is the matching of an authenticated
entity to a list of information assets and corresponding access
levels. Authorization can be handled in three ways;
Authorization for each authenticated user, authorization for
members of a group and authorization across multiple systems.
Accountability. This ensures that all actions on a system

authorized or unauthorized can be attributed to an authenticated
identity. This can be accomplished by means of system logs and
database journals, and auditing of these records.Describe how
the system could be restored to normal business practice.
The system can be restored to normal business practice through
contingency planning where the planning is conducted by the
organization to prepare for, react to and recover from events
that threaten the security of information and information assets
in the organization and subsequent restoration to normal modes
of business operation. Here incident response planning is done
where the planning process is associated with identification,
classification, response recovery from the disaster, and the total
cost of restoration identification. Thereafter business continuity
planning is carried which ensures that critical business
functions continue.
Explain how the system could be verified as operational.
The organization should identify the loop holes that the attacker
used to intrude into the system network and subject them to
through testing to ensure that they are functional. The critical
functions of the system are verified to be functional. The IT
staff also subject the system to the conditions that initially
compromised it and ensure that they have been rectified.
Perform a follow-up of the post-event evaluation by doing the
following:
1. Identify areas that were not addressed by the IT staff’s
response to the incident.
The ability of the employee or the attacker being able to
intercept the communications like emails and crafting a fake
response was not addressed by the IT Staff.Outline the other
attacks mentioned in the scenario that were not noticed by the
organization.
Phishing – this is an attempt to gain personal financial from an
individual usually by posing as a legitimate entity. This is
evident when the employee is successfully able to intercept the
email messages and craft a fare response from the individuals
the original e-mails were sent to.

a) Describe the nature of the attack not noticed by the
organization
White-collar crime Edward Sutherland (1939) refers it to be a
crime committed by a person of respectability and of high social
status in the course of his or her occupation. This is evident
when the editor and the employee exchange emails back and
forth until he gains permission for some other financial records.
b) Describe how the additional attacks can be prevented in the
future
While phishing techniques are getting more sophisticated, there
are more things that can be done to avoid phishing.
Check the email carefully- a phishing email may claim to come
from a legitimate company or host. The links sent to individuals
may lead to privacy policy of a legitimate company or some
irrelevant pages.
Never enter financial or personal information. Most of the
phishing mails direct one to pages where entries for financial or
personal information are required hence the network user should
not make confidential entries through the links provided in the
email.
Protection through software. Antispyware and firewall should
be used to prevent phishing attack and users should update their
programs regularly. Firewall protection prevents access to
malicious files by blocking the attacks. Antispyware software
scans every file which comes through the internet to a
computer. This helps prevent Damage to the system
To prevent against white collar crimes the organization can
implement the following procedures:
Create a policy where board or committee approval is necessary
to ensure that the employees follow by the policy and if any
violates the policy legal actions are taken against them.
Ensure that the employees get pay rise to prevent them from
forcing the payment rises for themselves.Recommend a recovery
procedure to restore the computer system back to their original
state prior to such attacks.

Once the incident has been contained, and system control
regained, incident recovery can begin.
The Incident Recovery team must assess the full extent of the
damage in order to determine what must be done to restore the
systems.
The immediate determination of the scope of the breach of
confidentiality, integrity, and availability of information and
information assets is called incident damage assessment.
Those who document the damage must be trained to collect and
preserve evidence, in case the incident is part of a crime or
results in a civil action.
Once the extent of the damage has been determined, the
recovery process begins:
· Identify the vulnerabilities that allowed the incident to occur
and spread. Resolve them.
· Address the safeguards that failed to stop or limit the incident,
or were missing from the system in the first place. Install,
replace or upgrade them.
· Evaluate monitoring capabilities (if present). Improve
detection and reporting methods, or install new monitoring
capabilities.
· Restore the data from backups.
· Restore the services and processes in use. Compromised (and
interrupted) services and processes must be examined, cleaned,
and then restored.
· Continuously monitor the system.
· Restore the confidence of the members of the organization’s
communities of interest.
Reference
1. Principles of Information security, 4Th Edition Michael e.
Whitman Ph. D, CISM, CISSP
Herbert J. Mattord
2. Phishing.org

FXT Task 1
University’s Disaster Recovery Plan(DRP)/Enterprise
Continuity Plan (ECP)
Student name:
Lecturer:
Date:
1
Presentation Summary :
The Presentation is created for University DRP ( Disaster
Recovery Plan) / ECP ( Enterprise Continuity Plan) and it
includes different areas of coverage.
DRP/ECP members Roles
Six resilience layers
Type of training a DRP team will need
How university should choose outside expertise
Best method for developing awareness campaign
Best way for implementing the awareness campaign
Area to improve Resilience to Catastrophic Evens
Employee awareness Campaign
Presenter Notes:

2
What The Presentation Is About?
Below are several areas which will benefit the university to be
prepared for emergency and catastrophic event by applying for a
national security agency’s center of academic excellence
Areas covered:
Disaster Recovery and Emergency Continuity Plan personal
roles.
Area to properly address resilience to operational disturbance
DRP/ECP training
Emergency plan to improve inputs by outside vendors.
Employee awareness training and their roles in DRP/ECP Plan
Best methods of implementing the awareness campaign
Presenter Notes:
3
Q1: Roles of DRP/ECP Members
TEAMS RESPONSIBLE ARE
Below Teams are responsible for the Role of DRP/ECP
members.
Damage Assessment Team
Restoration Team
Operation Team
Customer Support Team

Salvage/Reclamation Team
Administrative Support Team
Emergency Management Team (EMT)
Presenter Notes:
4
Answer: Roles of DRP/ECP Members
Emergency Management Team (EMT) : Is responsible to
coordinate with series of other teams in university and make
sure all Emergency Team Members know their responsibilities
EMT Leader: Should communicate with Senior management to
report status , Request for Decisions and problem resolution.
EMT will have to declare Emergency , Coordinate EMT
activities and contact University EMT Members. They will also
be responsible to maintain documentations for DRP/ECP and
keep them up to date. Once documentation is in place they will
have to make a Plan of Action for all new emergency situations
they have faced and was new.
Operations Team: Operations Manager notifies business
Continuity Team (BCP) Leaders in university that Emergency
has been declared. Operations Manager will have to
communicate with university BCP team leaders to request/status
reports to EMT, Co-ordinate all BCP team activities and handle
personnel issues.
Communication Team: University Communication Manager will
have to take responsibility for Media and external
communications. Communication Team will also be responsible
for internal communications.

Security Team: Security Team will be responsible to maintain
physical security of university and make sure the property is
safe during the emergency.
Presenter Notes:
5
Answer: Roles of DRP/ECP Continued
IT Infrastructure Team: IT Infrastructure team will fall in to
different other teams each of the team member will be
responsible based on their roles.
Infrastructure Technical Support Team: Will be responsible to
maintain all information stored in university systems. The must
define operational procedures to create preparedness for an
emergency and make sure all information in still in right and
safe place during emergency. Technical Support team will also
make sure backups are working properly and they have healthy
restoration point. They must also make sure that there is an
alternative recovery in case if disaster happens at university
Datacenter.
Infrastructure IT Security Team: Will be responsible to make
sure all information is accessed in secure environment and will
coordinate with all other departments to maintain physical
security and safe access to all important data during their
operation.
Executive Management Team: Will be responsible to prepare

and coordinate procedures and processes that all employees and
vendors should use during Emergency.
Presenter Notes:
6
Answer: Roles of DRP/ECP Continued
Training Team: Will be responsible to provide awareness
trainings to all employees on what do they need to do in
Emergency situations and what will be their role within the
DRP/ECP.
Presenter Notes:
7
Q2: Resilience Layers
Resilience layers will address all area and help prepare
university for emergency and catastrophic events. The Six
Resilience layers includes.
Strategy
Organization
Processes
Data/Applications
Technology

Facilities and Security
Strategy: The first resilience layer is strategy. The layer will
help university accomplish their goals as an entity, the objective
directing its operation and the standards it must abide by. This
layer, the below components will assessed and examined.
Vulnerabilities
Risks
Competitive Edge
Baseline organizational culture
Example of Strategy: Unauthorized Student tried to hack and
accessed university exam papers to pass the exam with better
marks.
Presenter Notes:
8
Q2: Resilience Layers Continued
University immediately took action and created a strategic plan
to implement its DRP/ECP as well as maintaining the baseline
objective of continuing to secure data systems.
Organization: The second resilience layers deals with the
structure of university. The role of DRP/ECP is generated in
this layer, for example who will be responsible for managing
personnel when there is emergency. The second example is who
will be responsible to take control and manage data access
during a catastrophic event and role’s responsibilities. Another
example in this layer will be the rules that will govern
communication during an emergency, for example how each
member will communicate with other employees in university

and what technologies will be used for these communications;
and finally what skills are required to comply with DRP/ECP
defined goals.
Processes: The third layer is important to continue operating
during an emergency. For example all employees will need
access to vital information during emergency and this layer will
help us to create plans. The emergency team management will
be generating processes for ECP/DRP. There will be a need for
processes update to reflect changes or new information such as
changing personnel links within a department.
Presenter Notes:
9
In this layer alternative process is needed so if the primary
process fails there is alternative processes in place. A good
example can be if university Wide Area Network connection
fails satellite communication can take over university primary
W.A.N connection.
Data / Application: The fourth layer is to examine data and
applications for university. This layer include things such as
testing emergency solutions from the initial creation to the
point of post deployment reviewing. DRCP/ECP plans such as
using two types of data links to ensure connectivity.
Determining fault tolerance, to what degree failures may occur
before operation cease. Last is Providing reliable data to
emergency and executive management team members to create a
consensus in DRP/ECP program.

Technology: The fifth resilience layer is technology which
addresses several points. First the university databases
administration team will determine which hardware and
software are critical to DRP/ECP. An example would be a
server that must be constantly powered to provide access to the
company’s database. The next thing to consider is alternative
site which will help include site selection, preparation and
arranging for maintenance. Once the plan is in place then
emergency management team would identify single point of
failure that could cause DRP/ECP.
Presenter Notes:
10
Failures in this layer is both technical resources such a server to
personnel such as a member of upper management needed to
provide consents for emergency deployments. The other steps
will be that Information Technology team members must
evaluate and align I.T investments to the objective outlined
within the DRP/ECP to optimize the use of financial resources.
Technology with in the DRP/ECP must be flexible in providing
more then one function or service helping to create failsafe
solution. At last upper management and emergency team
members should agree to standards of resiliency.
Physical Layer: The last layer is Physical layer where university
will have to build a plan to secure all areas and limit access.

Anyone entering university should have ID or should have
permission to enter and in order to access company servers they
should be authorized and have access permission. One other
important concern is to ensure adequate heating/cooling as well
as steady power source for equipment. Then a testing of all
systems at the operating location is performed to ensure
readiness. Keeping precautionary measures in mind such as
arranging alternative backup power should with the DRP/ECP is
started within documentation.

Presenter Notes:
11
Q2(a): Provide one example for each of the six resilience layers
related to this enterprise.
Six resilience layers Example:
Strategy: The university is going to define protocols that will
allow it to continue during the catastrophic event.
Organization: The university created roles for all personnel and
defines the responsibilities of each role with in ERP/DRP
program.
Rules that will govern emergency communication once
ERP/DRP deploys is also defined.

Processes: the university defines processes within DRP/ECP and
steps to consider when reflecting future conditions during the
event.
Data/Application: The university provides data access stored on
server rack through satellite communication. The university also
design a secondary means of accessing the data if primary link
is down.

Presenter Notes:
12
Q2(a): Provide one example for each of the six resilience layers
related to this enterprise Continued.
Technology: The university defines technologies/equipment
required during DRP/ECP. It then selects a recovery site for
operations in case of failure according to DRP/ECP outline.
Physical Security: University limits the access permission
physically when entering to site thru the control of gates and
doors and restrict permission to access racked servers and also
making sure cooling and heating system is on correct
temperature.

Q3. Outline the type of training a DRP team will need.
The first step is to determine and evaluate skills that
Information Technology department have which will help
emergency team for the selection and roles to be assigned to
each employee. The best way is going to take an online training
through test engine which will save time rather then
interviewing or taking tests on paper. There will be a testing
score 300 to 1000. The personnel who score in the higher will
then be given more prominent role with in the ECP/DRP.

Presenter Notes:
13
Q3. Outline the type of a typical DRP team will need continued.
IT databases team are trained for emergency steps to ensure
safety, security and functionality or company servers. As the
database are more important to university the training for
database team completes through classes, training materials and
hand on labs. All personnel receive training on ECP/DRP
regarding infrastructure such as location of emergency.
Personnel receive training when they are hired through live
mentor or training application with animated examples. Later,
once individual team assignment are complete, each person will
train via online simulation software tailored to their team
responsibilities.
Q4. Outline how the university should go about choosing
outside expertise to assist with the development of a DRP.
There are chances where university may use outside expertise if
Internal staffs are not capable to full fill ECP/DRP
requirements.

A consultant that would create long lasting solution, act as a
facilitator when needed, act to further university missions and
help train personnel where appropriate.

Presenter Notes:
14
Q4. Outline how the university should go about choosing
outside expertise to assist with the development of a DRP
continued.
The outside vendors are experts and have experience to deal
with such situations. They are familiar with the scope of
DRP/ECP project from initial design to final implementation.
Vendors will receive evaluation score during the phase of
determination. Vendors with more experience in DRP/ECP are
assigned. As a next step then the vendor is assigned based on
cost estimates.
The university must be careful when choosing vendor and weigh
cost benefits to return on investment with DRP/ECP. It should
not exceed 10 percent of their select budget for DRP/ECP.
Qualification for outside vendor includes familiarity with
complex databases, experience with database security and server
environment, deploying systems during emergency events,
experience with project budget and timeline and awareness
campaign.

Presenter Notes:
15
Q5.Best method for developing a DRP/ECP awareness
campaign.

The best method would be to collect, develop and use
experience of all personnel to contribute to a rough DRP/ECP
outline. This way the emergency response team will be able to
develop strong DRP/ECP. Once the DRP/ECP is in place testing
it thru real life simulations of the solution proposed. The tested
solution that are successful when executed made a part of the
final ECP/DRP.
Q5(a). Evaluate one best method for implementing a DRP/ECP
awareness campaign.
Best method that will help all employees and students
understand their role with DRP/ECP is fire drill where it will
bring stark attention to the DRP/ECP plan by creating a
situation in which every one should perform their roles learned
via ECP/DRP training.

Presenter Notes:
16
References

17
Disaster Recovery / Business Continuity - Resilient
Infrastructure. (n.d) Retrieved Jan 12, 2016 from
http://campconferences.com/events/2015/disaster.htm
Risk Management and Business Continuity: Improving Business
Resiliency . (n.d) Retrieved Jan
12, 2016 from http://www.riskmanagementmonitor.com/risk -
management-and-business-
continuity-improving-business-resiliency/

Running head the recovery phase of the disaster recovery cycle .docx

Recommended

Recommended

More Related Content

Similar to Running head the recovery phase of the disaster recovery cycle .docx

Similar to Running head the recovery phase of the disaster recovery cycle .docx (20)

More from toltonkendal

More from toltonkendal (20)

Recently uploaded

Recently uploaded (20)

Running head the recovery phase of the disaster recovery cycle .docx