Unit 05 Security

Assignment 02
1. Consult, ABC (PVT) Ltd to implement a disaster recovery site. You must justify your technical
arguments and selections. Need to create a few PowerPoint slides to present to management
in the next monthly meeting with a high-level proposed network diagram, proposed disaster
recovery site type, RPO, RTO etc.

Disaster recovery plan

Disaster recovery plan is the selection of a secondary site for data storage to help prevent data loss in
the event of cyber-attacks and physical disasters.

What is disaster recovery site?

A disaster recovery site is an alternative backup facility, usually IT in nature, that is used when a
primary location becomes unusable due to failure or disaster. It contains equipment and
infrastructure that can be temporarily used to manage business processes until the main site's
functionality is fully restored.

Cold computing sites –

• Cold computing sites are the most simplistic type of disaster recovery site.
• A cold site consists of elements to provide power and networking capability as well as
cooling. It does not include other hard ware elements such as server storage.
• The use of a cold site is very limiting to a business since before it can be used backup data
along with some additional hardware must be sent to the site and installed.

Warm computing sites –

• contain every one of the components of a virus site while adding to them extra components
including capacity equipment, for example, tape or plate drives alongside the two servers
and switches.
• Warm destinations are "all set" in one sense, however they actually need to have
information moved to them for use in recuperation should a catastrophe happen.

Hot computing sites –

• A fully functional backup site that already has important data mirrored to it.
• This is the ideal disaster recovery site but can be challenging to attain.
Important of hot disaster recovery

• Fully redundant equipment

• Network connectivity is enabled
• Failover occurs within hour or days
• Near real-time data synchronization
• Zero data loss
So I think to choose hot disaster recovery site for our organization.

Recovery time objective (RTO)

• RTO is the amount of time it takes to recover normal business operations after an outage.
• As you look to set your RTO you’ll need to consider how much time you’re willing to lose and the
impact that time will have on your bottom line.
• The RTO might vary greatly from one type of business to another.

Recovery point objective (RPO)

• RPO refers to the amount of data you can afford to lose in a disaster.
• You might need to copy data to a remote data center continuously so that an outage will not
result in any data loss.
• Or you might decide that losing five minutes or one hour of data would be acceptable.

High-level network diagram

 2. Proposed best backup strategy for ABC (PVT) Ltd. Further, you must convey to the management,
why ABC (PVT) Ltd should take backup while keeping the disaster recovery site.

Backup/restoration data

Employees who are responsible for data recovery should also know the procedures to follow.

The aim should be to plan ahead so that the whole system can be up and running again within a
specified time scale like as 24 hours.

Then, if the worst case scenario happens disaster recovery should be as smooth as possible.

The contingency plan has to be developed from a full risk analysis, so that every eventuality is taken into
consideration.

What is backup ?

Backup describes the process of creating and storing copies of data that can be used to protect
against data loss.

Three types of backups are,

1. Full backup

2. Incremental backup

3. Differential backup

 Full backup
• The most basic and complete type of backup operation is a full backup. This type of backup
makes a copy of all data to a storage device.
• Quickest to restore from because all the files you need are contained in the same backup set 
Full backups on a regular schedule require the most storage out of other two methods.

 Incremental backup
• An incremental backup operation will result in copying only the data that has changed since the
last backup operation of any type.
• Incremental backups take the least space and time to perform than differential and full backups.
but it’s the most time-consuming out of all of the methods to restore a full system.
 • You first have to restore the least full backup sets and then each of the incremental backup sets
in order. If one of these backup sets is missing or damaged, then a full restoration is impossible.

 Differential backup
• A differential backup is similar to an incremental backup the first time it is performed, in that will
copy all data changed from the previous backup. however, each time it is run afterwards, it will
continue to copy all data changed since the previous full backup.
• Incremental backup requires one full backup to be made. Afterward, only the files that have
changed since the last full backup are backed up. This means that to restore, you only need the
latest full backup set and the latest differential backup set.
• There’s no need to restore more than those two backup sets, which saves more time than
restoring from an incremental backup.
• But still takes a bit longer than restoring from a full backup.
• It also takes up less space than incremental backups but more space than full backups.

Full back up provides the best protection for your data. No matter what happens to your
hardware, we’ll have a complete copy of all the company information we need and
incremental backups require far less time and storage to create more compact copies of data
so I think to choose full backup and incremental backup.

Backup schedule
 On Monday, the team completes an initial full backup of all files on the designated hard drive.
 On Wednesday, the team completes an incremental backup of only the files that have changed
since Monday the last backup that was completed.
 On Friday, the team completes another incremental backup of just the files that have changed
since Wednesday the last backup that was completed. They repeat this again on Sunday.
 On Monday, the process begins again with another full back up to the designated hard drive.

why ABC(PVT) Ltd should take backup while keeping the disaster recovery site?

If you suffer a major data loss, the focus must be on retrieving the lost data and getting the systems up
and running in the shortest possible time. If you fail to do so and the data recovery takes days, your
business will lose precious working days and irreparable financial losses.

There are more reasons why an effective disaster recovery plan is important for your business.
Protecting sensitive information of customers

Your business database will feature extensive details about your customers’ mail ids, phone numbers,
physical addresses, financial information, business deals and more. If this data gets lost or finds its way
into the wrong hands, it can strain your relationship with customers and clients.

Protecting your business reputation

If your business loses data, especially to cyberattacks, it does not convey a positive image of your
company. Security breaches can make you appear irresponsible towards customer privacy and not doing
enough to secure customer data. However, if your business is prepared for such risks and bounces back
in no time after an experience of data loss, customers will be convinced that your company is reliable
and trustworthy.

Ensuring you are free to focus on more important things

If you are forever worrying about a possibility of data loss that could send your business spiraling
downwards, it is tough to concentrate on growing your business. You will be second-guessing every
business strategy. Implementing a powerful and rigorously tested disaster recovery strategy available
from leading Managed IT firms in Perth is just what you need to restore your peace of mind and take
your business to new heights.

Cost-effective

Activating a disaster recovery plan can be a smart investment for your business in many ways. The cost of
implementing disaster recovery strategies is much lower than the financial loss and business disruption
faced in the event of a data loss.
 3. You must propose to management how can improve the physical security of the main data
center and DR site. Create a few slides with justifications.

What is main data center

A data center is the department in an enterprise that houses and maintains back-end IT systems and
data stores, its mainframes, servers and databases. In the days of large and centralized IT operations in
this department and all the systems resided in one physical place hence the name data center.

Details for improve physical security of the main data center and DR site
Conduct regular audits

Internal audits check the implemented systems and processes.

An external audit is used to check the commitment of internal audits.

Audits should check for any vulnerabilities in the data center facilities that are provided to ensure
security.

Check to see if access control systems, CCTV cameras, and electronic locks are functioning and are being
maintained.

Strengthen access control systems

As an outcome of the audit checks, any facility requiring extra protection should receive additional
security.

For example, multiple verification methods for personnel entry into a certain area may be
recommended, such as an access card and fingerprint or retinal recognition.

Make an audit of the entire facility to check if the access control system needs to be tightened.

Enhance video surveillance

Video cameras should include both indoor and outdoor areas of the facility.

Similar to the access control systems, coupling these with 24-hour surveillance by security staff can
significantly enhance the safety of the facility.

Enforce security measures

This requires employee training on the security measures to be followed and the consequences if
procedures are violated.

Establish redundant utilities

Create redundancy in utilities like electricity and water and distribute the same to avoid common-mode
failures and to achieve high availability of the systems.
The ISO/IEC 31000 standards - risk management standard

• ISO 31000 is an international standard and it published in 2009.

• this standard provides principles and guidelines for effective risk management.
• It outlines a generic approach to risk management.
• This standard can be applied to various types of risks (financial, safety, project risks) and used by
any
• type of organization.

The risk management process of the ISO 31000

Risk identification – identifying what could prevent us from achieving our objectives

Risk analysis – understanding the source and causes of the identified risks

Risk evaluation – comparing risk analysis results with risk criteria to determine whether the residual risk

is presentable.

Risk treatment – changing the magnitude and likelihood of consequences both positive and negative to

achieve a net increase in benefit.

Establishing the context – The context comprises both external elements and internal elements of

organization and others. This fact explains the organization's objectives and the setting of risk

assessment criteria

Monitoring and review – It involves checking for deviations from the risk management plan, checking

whether the risk management framework, policy and plan are still appropriate, given organizations’

external and internal context, reporting on risk, progress with the risk management plan and how well

the risk management policy is being followed, and reviewing the effectiveness of the risk management

framework.

Communication and consultation – this task helps understand stakeholders’ interests and concerns, to

check that the risk management process and focusing on the right elements. It also helps to explain

about particular risk treatment options

Security policies
Internet security policies

This type of security contains when data sent and receive through web applications and if the system

has web – based components. Here incoming internet traffic for malware also unwanted traffic are

controlled

Network security policies

Network security refers to the controls taken for prevent entry of malicious individuals and programs

into the network.

Endpoint security policies

This security is involved with devices. here devices like desktop, laptop are given preventive measures to

protect them from malicious individuals and programs.

Data breach response policy

The goal of the data breach response policy is to describe the process of handling an incident and

remediating the impact on business operation and customers

Disaster recovery plan

A disaster recovery plan is developing as part of the large business continuity plan which includes both

cyber security and IT teams ‘recommendations. However, the business continuity plan is activated only

when the incident has a significant impact on the organization

other important policies

• Mobile Device Management (MDM) Policy

• Bring Your Own Device (BYOD)
• Encryption and Decryption Policy
• SPAM Protection Policies
• HR Policy Set
• System Maintenance Policy
• Vulnerability Management Policy
 4. Explain to management why it should be monitoring the e-commerce site’s performance and
why management should pay for pen tests and regular security audits to keep a healthy
ecommerce site

What is an Audit?

Security audits are also referring as an internal audit or a compliance audit.

These audits are performed to assess the security of your organization’s information system but they are
also performed to assess compliance with security legislation.

The frequency of security audits can vary depending on the company but many organizations do them
on a yearly basis.

Security audits can be categorized into various types some of them are network security, web app
security and block chain security audits and so on.

Important of security Audits

• Protects the critical data resources of an organization.

• Keeps the organization compliant to various security certifications.
• Identifies security loopholes before the hackers.
• Keeps the organization updated with security measures.
• Identifies physical security vulnerabilities.
• Helps in formulating new security policies for the organization.
• Prepares the organization for emergency response in case of a cybersecurity breach.

What is pen test ?

• A penetration test also known as a pen test is a simulated cyber-attack against your computer
system to check for exploitable vulnerabilities. In the context of web application security,
penetration testing is commonly used to augment a web application firewall.
• Pen testing can involve the attempted breaching of any number of application systems, (e.g.,
application protocol interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such
as unsanitized inputs that are susceptible to code injection attacks.
• Insights provided by the penetration test can be used to fine-tune your WAF security policies and
patch detected vulnerabilities.
Important of pen test

Preparation for An Attack

• The main reason penetration tests are crucial to an organization’s security is that they help
personnel learn how to handle any type of break-in from a malicious entity.
• Pen tests serve as a way to examine whether an organization’s security policies are genuinely
effective. They serve as a type of fire drill for organizations.
• Penetration tests can also provide solutions that will help organizations to not only prevent and
detect attackers but also to expel such an intruder from their system in an efficient way.

Risk Identification

• vaultes-employee-planning-penetration-test-on-client-server-Pen tests also offer insight into

which channels in your organization or application are most at risk and thus what types of new
security tools you should invest in or protocols you should follow.
• This process could help uncover several major system weaknesses you may not have even
thought about.

Decrease Amount of Errors

• Penetration testing reports can also assist developers in making fewer errors.
• When developers understand exactly how a malicious entity launched an attack on an
application, operating system or other software they helped develop, they will become more
dedicated to learning more about security and be less likely to make similar mistakes going
forward.