Info Security Risk Management Assignment

Info Security Risk Management Assignment

ISOL 533 – Information Security and Risk Management DISASTER RECOVERY PLAN

University of the Cumberlands

Information Technology Statement of Intent

This document delineates Health Network, Inc. (Health Network) policies and procedures for technology disaster recovery, as well as our process-level plans for recovering critical technology platforms and the telecommunications infrastructure. This document summarizes our recommended procedures. In the event of an actual emergency situation, modifications to this document may be made to ensure physical safety of our people, our systems, and our data.

Our mission is to ensure information system uptime, data integrity and availability, and

business continuity.

Policy Statement

Info Security Risk Management Assignment

Corporate management has approved the following policy statement:

 The company shall develop a comprehensive IT disaster recovery plan.  A formal risk assessment shall be undertaken to determine the requirements for the disaster

recovery plan.

 The disaster recovery plan should cover all essential and critical infrastructure elements, systems and networks, in accordance with key business activities.

 The disaster recovery plan should be periodically tested in a simulated environment to ensure that it can be implemented in emergency situations and that the management and staff understand how it is to be executed.

 All staff must be made aware of the disaster recovery plan and their own respective roles.  The disaster recovery plan is to be kept up to date to take into account changing

Info Security Risk Management Assignment

circumstances.

Objectives

The principal objective of the disaster recovery program is to develop, test and document a well- structured and easily understood plan which will help the company recover as quickly and effectively as possible from an unforeseen disaster or emergency which interrupts information systems and business operations. Additional objectives include the following: • The need to ensure that all employees fully understand their duties in implementing such a

plan • The need to ensure that operational policies are adhered to within all planned activities • The need to ensure that proposed contingency arrangements are cost-effective • The need to consider implications on other company sites • Disaster recovery capabilities as applicable to key customers, vendors and others

2

Key Personnel Contact Info

Name, Title Contact Option Contact Number

Work Alternate Mobile Home Email Address Alternate Email Work

Alternate

Mobile

Home Email Address

Alternate Email Work Alternate Mobile Home Email Address Alternate Email Work Alternate Mobile Home Email Address Alternate Email

Work Alternate Mobile Home Email Address Alternate Email Work Alternate Mobile Home Email Address Alternate Email

3

Notification Calling Tree Person

Identifying

Incident

4

Info Security Risk Management Assignment

External Contacts

Name, Title Contact Option Contact Number

Landlord / Property Manager

Account Number None Work Mobile Home Email Address Power Company

Account Number Work Mobile Home Email Address Telecom Carrier 1

Account Number Work Mobile Fax Home Email Address Telecom Carrier 2

Account Number Work Mobile Home Email Address Hardware Supplier 1

Account Number Work Mobile Emergency Reporting Email Address Server Supplier 1

Account Number. Work Mobile Fax Email Address Workstation Supplier 1

Account Number Work

Mobile Home Email Address Office Supplies 1

Account Number C3095783 Work Mobile Home Email Address Insurance – Name

5

Name, Title Contact Option Contact Number

Account Number Work Mobile Home Email Address Site Security – Account Number Work Mobile Home Email Address Off-Site Storage 1

Account Number Work Mobile Home Email Address Off-Site Storage 2

Account Number User ID Password Home Email Address HVAC – Account Number Work

Mobile Home Email Address Power Generator – Account Number Work Mobile Home Email Address Other – Account Number Work Mobile Home Email Address

6

External Contacts Calling Tree

Info Security Risk Management Assignment

7

1 Plan Overview

1.1 Plan Updating It is necessary for the DRP updating process to be properly structured and controlled. Whenever changes are made to the plan they are to be fully tested and appropriate amendments should be made to the training materials. This will involve the use of formalized change control procedures under the control of the IT Director.

1.2 Plan Documentation Storage Copies of this Plan, CD, and hard copies will be stored in secure locations to be defined by the company. Each member of senior management will be issued a CD and hard copy of this plan to be filed at home. Each member of the Disaster Recovery Team and the Business Recovery Team will be issued a CD and hard copy of this plan. A master protected copy will be stored on specific resources established for this purpose.

1.3 Backup Strategy Key business processes and the agreed backup strategy for each are listed below. The strategy chosen is for a fully mirrored recovery site at the company’s alternate sites. This strategy entails the maintenance of a fully mirrored duplicate site which will enable instantaneous switching between the live site (headquarters) and the backup site.

KEY BUSINESS PROCESS BACKUP STRATEGY

IT Operations Fully mirrored recovery site

Tech Support – Hardware Fully mirrored recovery site

Tech Support – Software Fully mirrored recovery site Facilities Management Fully mirrored recovery site

Email Fully mirrored recovery site

Purchasing Fully mirrored recovery site

Disaster Recovery Fully mirrored recovery site

Finance Fully mirrored recovery site

Contracts Admin Fully mirrored recovery site

Warehouse & Inventory Fully mirrored recovery site

Product Sales Fully mirrored recovery site

Maintenance Sales Fully mirrored recovery site

Human Resources Off-site data storage facility

Testing Fully Mirrored Recovery site – Fully mirrored recovery site

Workshop Fully Mirrored Recovery site – Fully mirrored recovery site

Call Center Fully mirrored recovery site

Web Site Fully mirrored recovery site

1.4 Risk Management There are many potential disruptive threats which can occur at any time and affect the normal business process. We have considered a wide range of potential threats and the results of our deliberations are included in this section. Each potential environmental disaster or emergency situation has been examined. The focus here is on the level of business disruption which could arise from each type of disaster.

8

Potential disasters have been assessed as follows:

Potential Disaster Probability Rating Impact Rating Brief Description Of Potential

Consequences & Remedial Actions

<3> <4>

Probability: 1=Very High, 5=Very Low Impact: 1=Total destruction, 5=Minor annoyance

2 Emergency Response

2.1 Alert, escalation and plan invocation

2.1.1 Plan Triggering Events Key trigger issues at headquarters that would lead to activation of the DRP are: • Total loss of all communications • Total loss of power • Flooding of the premises • Loss of the building

2.1.2 Assembly Points Where the premises need to be evacuated, the DRP invocation plan identifies two evacuation assembly points: • Primary – Far end of main parking lot; • Alternate – Parking lot of company across the street

Essay writing help – Info Security Risk Management Assignment Online Essay Writing Agency – Crucial Paper.

Write my Essay. Premium essay writing services is the ideal place for homework help or essay writing service. if you are looking for affordable, high quality & non-plagiarized papers, click on the button below to place your order. Provide us with the instructions and one of our writers will deliver a unique, no plagiarism, and professional paper.

Get help with your toughest assignments and get them solved by a Reliable Custom Papers Writing Company. Save time, money and get quality papers. Buying an excellent plagiarism-free paper is a piece of cake!

All our papers are written from scratch. We can cover any assignment/essay in your field of study.