Explain how the system could be verified as operational

Assignment Help Management Information Sys
Reference no: EM132271979

Task 1

Competencies

Scenario

Requirements

COMPETENCIES

427.1.1 Integrated Principles of Disaster Recovery and Enterprise Continuity

The graduate evaluates the background, purpose, and value of a comprehensive disaster recovery plan; integrates principles of disaster recovery and enterprise continuity; and documents the plans in a disaster recovery and enterprise continuity brief.

SCENARIO

A university is applying for the National Security Agency's Center of Academic Excellence. As part of that application, the university must put together a disaster recovery/enterprise continuity plan and show proof of its implementation. To do this, the university first needs to obtain executive support for the plan. The application requires a written justification to the executive team to support the project. You have been hired as a consultant to help them get organized so they can begin putting together this plan.

The university's administrative offices are located in a downtown urban area. The university itself occupies all of the sixth, seventh, and eighth floors of an 11-story building. The university's servers are housed in an offsite location. Approximately 350 employees work on the university's three floors.

All but 50 employees work in 5 feet x 5 feet cubicles. Each cubicle has one laptop, one additional monitor, wired and wireless access, and one voice over IP (VoIP) phone for equipment. The network uses Microsoft Server 2003, an Exchange server, and a SharePoint server for all data. Student records are stored on the offsite servers, and backups of the servers are run three times a day.

Employees can only get into secured office locations with a secure electronic key. Stairwells are locked and are only accessible via a key code punched in at each entrance. Elevators can only access the three university floors by using the same secure electronic key that will get employees into office spaces.

There are some physical risks to the operation. Blizzards could potentially knock out power. Earthquakes could damage the building. High winds could blow out windows and possibly injure people near those windows.

REQUIREMENTS

Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. An originality report is provided when you submit your task that can be used as a guide.

You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.

Create a multimedia presentation (e.g., PowerPoint, Keynote) (suggested length of 15 slides) which presents a disaster recovery plan/enterprise continuity plan (DRP/ECP) by doing the following:

Note: The purpose of the presentation is to justify to administrators in the scenario the need to implement a disaster recovery and enterprise continuity plan for the organization.

Describe the roles of a DRP/ECP team.

Outline the type of training a typical DRP team will need.

Outline the six resilience layers that need to be integrated into the ECP.

Provide one example for each of the six resilience layers related to this enterprise.

Outline how the university should go about choosing outside expertise to assist with the development of a DRP.

Describe what the university will outsource to the outside experts.

Discuss the process of how the university will go about identifying the qualified outside experts and what service agreements you will put in place.

Describe the outside expert's qualifications for what you are outsourcing.

Evaluate one best method for developing a DRP/ECP awareness campaign.

Evaluate one best method for implementing a DRP/ECP awareness campaign.

Develop presenter notes for each slide. Please submit any PowerPoint presenter notes in a seperate file that is in document format (for example, MS Word). Identify which slide each set of notes apply.

When you use sources, include all in-text citations and references in APA format.

Task 2

COMPETENCIES

427.1.5 Responding to Attacks and Special Circumstances

The graduate identifies, evaluates, and applies network response procedures for attacks with special circumstances.

427.1.7 Continued Assessments During a Disaster

The graduate assesses needs, threats, and solutions prior to and during a network disaster.

SCENARIO

An employee hacked into the human resource records system at the employee's place of business and changed the employee's base salary rate to obtain a pay raise. The employee did this by spoofing an IP address in order to eavesdrop on the network. Once the employee identified where the data was stored and how to modify it, the employee made the changes and received two paychecks with the new amount.

Fortunately, an auditor happened to discover the error. The auditor sent an e-mail to several individuals within the organization to let them know there was a potential problem with the employee's paycheck. However, the employee was able to intercept the message and craft fake responses from the individuals the original e-mail was sent to.

The employee and the auditor exchanged e-mails back and forth until the employee was soon given access permissions for some other financial records. With this new information, the employee was able to lower the salaries of the president of the company and several other employees and then to include the salary difference in the employee's own paycheck.

The IT staff determined that the spoofing that occurred that allowed the employee to gain access to the human resources system was caused by a lack of authentication and encryption controls. As such, a local root certificate authority was installed to implement a public key infrastructure (PKI) in which all communication to the human resource system required a certificate. This would encrypt network traffic to and from the human resources system and prevent eavesdropping. It would also properly authenticate the host to prevent spoofing.

REQUIREMENTS

Perform a postevent evaluation of how the organization's IT staff responded to the attack described in the scenario by doing the following:

Describe the series of malicious events that led up to the incident.

Identify who needs to be notified based on the type and severity of the incident.

Outline how the incident could be contained.

Discuss how the factor that caused the incident could be eradicated.

Discuss how the system could be recovered to return to normal business practice.

Explain how the system could be verified as operational.

Perform a follow-up of the postevent evaluation by doing the following:

Identify areas that were not addressed by the IT staff's response to the incident.

Identify the other attacks mentioned in the scenario that were not noticed by the organization.

Describe the type and severity of the attacks not noticed by the organization.

Describe how these additional attacks can be prevented in the future.

Recommend a recovery procedure to restore the computer systems back to a fully operational state.

When you use sources, include all in-text citations and references in APA format.

Reference no: EM132271979

Questions Cloud

Who is products acquisition manager for a large super market : MLC707 - Business Law Assignment, Deakin University, Victoria, Australia. Who is products acquisition manager for a large super market chain, Super Supplies Ltd
Evaluation of the performance of the file system : The goal of this assignment is to gain experience with simple evaluation of the performance of the file system - Now you should create four test programs
Which of the following is not an indicator of internal theft : Security architects should couple intrusion sensors with which of the following for enhanced detection of external threats?
Pontification ltd has a number of investment options : Pontification Ltd has a number of investment options however your client has limited these investments to only the following two options
Explain how the system could be verified as operational : Discuss how the system could be recovered to return to normal business practice. Explain how the system could be verified as operational.
Find the history of a currency through google or wikipedia : Choose any one country's currency that you are interested in. Write down how the currency'sexchange rate policy has been changed over the last 5 decades
What is the company cost of capital : A company is 46% financed by risk-free debt. The interest rate is 11%, the expected market risk premium is 9%, and the beta of the company's common stock is .56
Design a hipaa compliance protocol for a medical practice : Design a HIPAA Compliance Protocol for a Medical Practice. Assume that your group is a HIPAA compliance consulting agency.
One-year option instead of the six month : If you decided you wanted to buy a one-year option instead of the six month, would it cost you more or less? Why?

Reviews

Write a Review

Management Information Sys Questions & Answers

  Information technology and the changing fabric

Illustrations of concepts from organizational structure, organizational power and politics and organizational culture.

  Case study: software-as-a-service goes mainstream

Explain the questions based on case study. case study - salesforce.com: software-as-a-service goes mainstream

  Research proposal on cloud computing

The usage and influence of outsourcing and cloud computing on Management Information Systems is the proposed topic of the research project.

  Host an e-commerce site for a small start-up company

This paper will help develop internet skills in commercial services for hosting an e-commerce site for a small start-up company.

  How are internet technologies affecting the structure

How are Internet technologies affecting the structure and work roles of modern organizations?

  Segregation of duties in the personal computing environment

Why is inadequate segregation of duties a problem in the personal computing environment?

  Social media strategy implementation and evaluation

Social media strategy implementation and evaluation

  Problems in the personal computing environment

What is the basic purpose behind segregation of duties a problem in the personal computing environment?

  Role of it/is in an organisation

Prepare a presentation on Information Systems and Organizational changes

  Perky pies

Information systems to adequately manage supply both up and down stream.

  Mark the equilibrium price and quantity

The demand schedule for computer chips.

  Visit and analyze the company-specific web-site

Visit and analyze the Company-specific web-site with respect to E-Commerce issues

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd