Question

Identifying flaws in contingency plan

Objectives:

1. Research real world incidents, identify shortcoming (IR, BP or CP) and recommend possible solutions.

Course Learning Outcomes:

1. CL05, CL01: Student will be able to understand, implement and bring recommendations to contingency plan

Tools or Equipment Needed:

1. PC
2. Internet explorer or chrome
3. Internet

Theoretical Background:

A contingency plan is a course of action designed to help an organization respond effectively to a significant future event or situation that may or may not happen.

A contingency plan is sometimes referred to as "Plan B," because it can be also used as an alternative for action if expected results fail to materialize. Contingency planning is a component of business continuity, disaster recovery and risk management.

The seven-steps outlined for an IT contingency plan in the NIST 800-34 Rev. 1 publication are:

1. Develop the contingency planning policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan.

2. Conduct the business impact analysis (BIA). The BIA helps identify and prioritize information systems and components critical to supporting the organization’s mission/business functions.

3. Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.

4. Create contingency strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.

5. Develop an information system contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system unique to the system’s security impact level and recovery requirements.

6. Ensure plan testing, training and exercises. Testing validates recovery capabilities, whereas training prepares recovery personnel for plan activation and exercising the plan identifies planning gaps; combined, the activities improve plan effectiveness and overall organization preparedness.

7. Ensure plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements and organizational changes.

Lab Exercise 1

Using a browser and search engines, search the term “citibank backup tapes lost”.

You will find many articles, pick one of them and address following questions: -

1. What is the incident?

2. What part of contingency planning process came short? (IR, BP or CP)?

3. How can we prevent this from happening again?

Exercise 2

Using a web browser and search engines, search the terms “I-35 bridge collapse and response”. You will find many results. Select at least three articles to skim through the impact on human life, then answer: Did contingency planning saves lives in this disaster? Give your reasoning to your answer.

please write it in computer hand writing not on paper

Answer 1

Lab Exercise 1

------> “citibank backup tapes lost”

1.What is the incident?

Ans.Citibank consumer finance division announced in June 2005 that there was a data breach of about 3.9 million US customers as the computer tapes containing the data about their accounts had been lost. However no fraudulent activity has been traced back to the data so far, security officers cannot completely rule out future incidents.

2.What part of contingency planning process came short? (IR, BP or CP)?

Ans.Securing sensitive knowledge starts with the high-level security strategy of classifying knowledge into classes,parenthetically,sensitive for info admire Social Security numbers, account info and health knowledge tied to a name confidential for info admire business plans and client data; and general for info admire correspondence. Encryption are often applied in an exceedingly style of ways in which. One resolution is to write sensitive knowledge, admire Social Security numbers, mechanically after they square measure entered into a field. Most of the information systems out there go with constitutional coding schemes.

3.How can we prevent this from happening again?

Ans.

a. The company should encrypt the data.

b. Citibank should notify the public immediately when they lost the tape.

c. They should have blocked all the credit cards and accounts.

d. Continuous data protection can be one of the possible solutions, where a system's data is continually being backed up. This ultimately removes all the issues associated with traditional tape backups in that downtime is not necessary as your data is being backed up continuously as changes are made. Adequate disk storage is necessary to store the most recent revised data in order to implement the solution.

e. Periodically snapshot of the data can be taken; and the snapshots can be backed up to tape for longer term storage at our convenience.

NOTE: Tried giving the first 3 answers of your question. hope it would be of help to you.DO give a thumbs up for my effort. 0:).