MIS 5214 - Section 001 - David Lanter
April 7, 2021 by Jose Gomez 45 Comments
Zibai Yang says
April 8, 2021 at 8:56 am
What is needed for a complete BCP?
Vanessa Marin says
April 13, 2021 at 11:42 pm
I just did this for a client and there is an actual formula to follow!
1. Scope! You have to know what your limits in the BCP are or else you’ll drive yourself nuts trying to cover everything or not covering enough.
2. Identification of the key business areas impacted is important – which departments are impacted, who needs to be involved in the communication stream, etc.
3. Identify the critical functions – these are the basic functions that would need to happen in order to keep the business going.
4. Find the dependencies – what are the dependencies between the business areas and the critical functions and organize them by priority.
5. Downtime – how long can each critical function be down with the least impact?
6. Create a plan – this is your draft of the plan. There are many templates you can find online that have detailed instructions.
7. Test, test, test! Can’t stress this enough! It is important to have tabletop exercises and a mock event exercise to ensure that your BCP plan is actually functional and effective. During these tests you’ll test out the process and the response time of the team at each phase of the BCP.
Ting-Yen Huang says
April 9, 2021 at 1:43 pm
There are so many plans that seem needed for a company, how does the company prioritize them?
Mei X Wang says
April 12, 2021 at 4:59 pm
The company should first assess the organization’s assets by performing a BIA and by using FIPS 199 security categorization. Security categorization is based on the three security objectives, confidentiality, integrity, and availability. After the assets are scored, the assets with the overall high rating should be prioritized and have the most resources allocated in case of an attack. The lower scored assets still need to be protected as well but at a lower priority. Using the FIPS 199 model will help the organization categorize their assets based on industry-approved standards.
Xinyi Zheng says
April 11, 2021 at 2:36 am
What are the differences between business continuity plans and IT disaster recovery plans?
Haozhe Lin says
April 12, 2021 at 12:02 am
Business continuity (BC): it refers to the maintenance of business function or rapid recovery function in case of major interruption, whether the interruption is caused by fire, flood, epidemic disease, or malicious Internet attack. It is necessary to describe the procedures and instructions that enterprises must comply with in the face of these disasters, and it also changes the business processes, assets, human resources, business partners, and other aspects.
Disaster recovery plan: it mainly focuses on the recovery of IT infrastructure and business after a disaster, which is only an integral part of the complete business continuity plan.
Many people think that a disaster recovery plan and business continuity plan are the same things, but in fact, a business continuity plan focuses on the continuity of the whole enterprise. After a disaster, do you have a way to keep the human resources, manufacturing, sales, and support teams in normal operation, to ensure that the company can continue to make money? If the building where the enterprise is located is razed by a tornado, how should these customer service representatives deal with customer calls? Can they temporarily work at home, or in a spare site? All these are problems. Business continuity companies are also taking advantage of this opportunity to rent out cubicles, including desks, telephones, and computers, and disaster recovery services based on services and equipment, to these enterprises that have suffered catastrophic accidents. Business impact analysis (BIA) is another component of the business continuity plan. BIA can determine the impact of a sudden loss of business functions, and it usually quantifies this impact. This kind of analysis can also help you evaluate whether you should outsource the non-core business in the business continuity plan. Basically, BIA can help you look at the processes of the whole enterprise and determine which processes are most important.
Priyanka Ranu says
April 11, 2021 at 12:02 pm
What are the steps involved in a Cyber Incident Response Plan?
April 12, 2021 at 12:23 am
1. Form an incident response team
2. Develop an action manual
3. Prevention and preparation
4. Discovery and containment
5. Perform post-mortem analysis
Anthony Messina says
April 13, 2021 at 9:01 am
The SANS incident response plan consists of 6 steps:
The NIST Incident Response Process contains four steps:
Detection and Analysis
Containment, Eradication, and Recovery
Prince Patel says
April 14, 2021 at 11:35 am
The steps involved in a Cyber Incident Response Plan as per the Security Metrics website are:
6. Lessons Learned
This is similar to the NIST 4-step plan:
2. Detection and Analysis
3. Containment, Eradication, and Recovery
4. Post-Incident Activity
Cami Chen says
April 11, 2021 at 7:12 pm
What are the differences in implementing a business contingency plan between large organizations and small businesses?
Heather Ergler says
April 11, 2021 at 7:37 pm
Why is it so important that information system contingency plans be consistent across various government agencies?
April 13, 2021 at 11:48 pm
So I went on the website whitehouse.gov and found a list of the contingency plans across the federal government and guess what – they aren’t consistent. The structure of the plans is relatively similar but each department has its own goals, requirements, definitions and needs.
If you mean a consistency in documentation, even that can be challenged. I’ve rarely known, even in the US, any department that functions exactly like another. Even the sections for reporting to the general public are unique.
Krish Damany says
April 11, 2021 at 7:55 pm
Of the different types of plans in the BCP umbrella, which is the most important to consider, or should all plans be considered equally?
Jonathan Castelli says
April 11, 2021 at 8:12 pm
Which step is the most important in the incident response process and why?
April 12, 2021 at 10:08 pm
The detection and analysis step is the most important in the incident response process. In order to mitigate risks, the detection and analysis step can directly point out the area where the action should begin to respond to the incident process. Organizations need to have strong detective capabilities to structure their information systems, so they can have enough time to resolve an incident. For example, they can use alert tools to monitor the systems.
Anthony Wong says
April 13, 2021 at 7:49 pm
I think the most important step is the post-incident activity because it creates discussion and knowledge sharing on the incident. Additionally, it allows for the team to determine where the weak points were that led to the breach and what can be done in the future to prevent similar attacks from occurring.
April 11, 2021 at 8:41 pm
What is the difference between signature-based and anomaly-based IDS?
April 12, 2021 at 12:33 am
Signature detection includes searching a series of bytes or packet queues in network communications to find known malicious programs. The biggest advantage of this detection method is that if you know the network behavior you want to find out, this signature is easy to develop and understand.
Anomaly detection technology is centered on the concept of network behavior benchmarks. This benchmark is an accepted explanation of online behavior. The anomaly detection engine will detect any behavior patterns that do not conform to people’s pre-defined or accepted behavior patterns.
April 13, 2021 at 9:08 am
Signature-based detection is when a file is determined to be malicious, and a digital signature is written and uploaded to a database so anti-malware programs are able to detect that file or component in the future. Anomaly-based detection looks at the behavior of the file. It is not necessarily looking for bad strings in the file, but looking for weird strings that cause it to behave in a way that is not common within the network.
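As an added illustration of the two approaches the replies above describe (example code written for this page, not from the original discussion): a signature matcher looks for a known byte pattern in each line, while an anomaly check learns a per-host request baseline and flags hosts that deviate from it. The log lines, host addresses, and signature patterns are all constructed for the example.

```python
import re
import statistics
from collections import Counter

# Constructed access-log lines (source host, method, path, status); not real traffic.
# The baseline window is assumed to be normal traffic the anomaly engine learns from.
BASELINE_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /about.html 200
10.0.0.7 GET /index.html 200
10.0.0.7 GET /contact.html 200
10.0.0.8 GET /index.html 200
10.0.0.8 GET /about.html 200
10.0.0.8 GET /contact.html 200
10.0.0.9 GET /index.html 200
"""

# The live window holds one request matching a known pattern and one host probing
# many paths, which matches no signature but deviates from the learned baseline.
LIVE_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /about.html 200
10.0.0.9 GET /login?user=admin'%20OR%201=1-- 403
10.0.0.11 GET /a 404
10.0.0.11 GET /b 404
10.0.0.11 GET /c 404
10.0.0.11 GET /d 404
10.0.0.11 GET /e 404
"""

# Signature rules: each is a string pattern for something already known to be bad.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'(%20|\s)*or(%20|\s)+1=1", re.I),
    "path-traversal": re.compile(r"\.\./"),
}

def signature_hits(lines):
    """Return (rule name, line) for every line that matches a known signature."""
    return [(name, line) for line in lines
            for name, pat in SIGNATURES.items() if pat.search(line)]

def anomaly_hits(baseline_lines, live_lines, z_threshold=2.0):
    """Flag hosts whose live request count is far above the per-host baseline."""
    baseline = Counter(line.split()[0] for line in baseline_lines)
    mean = statistics.mean(baseline.values())
    stdev = statistics.pstdev(baseline.values())  # constructed baseline has spread > 0
    live = Counter(line.split()[0] for line in live_lines)
    return sorted(h for h, c in live.items() if (c - mean) / stdev > z_threshold)
```

Run over the live window, the signature matcher catches only the known injection string and the anomaly check catches only the probing host, which is why the two are usually deployed together.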
Junhan Hao says
April 11, 2021 at 9:27 pm
How do companies overcome the time synchronization issue?
April 13, 2021 at 9:13 am
Companies utilize NTP – the Network Time Protocol. NTP is intended to synchronize all participating computers to within a few milliseconds of Coordinated Universal Time (UTC). Generally, companies will have an NTP server that the NTP protocol connects to so that all the devices are on the same time within a millisecond of each other.
Austin Mecca says
April 11, 2021 at 9:46 pm
What in the BCP do you consider the most important?
April 12, 2021 at 10:33 pm
I think that it is necessary to have a backup plan in the BCP. Can you imagine that your documents are destroyed when you try to file your tax return on the last day? If you make a copy and upload it to your cloud or save it on your USB, you will not suffer it. For organizations, they need to know what data should be stored, and how to back up the data. Also, the backups need to be testable, so the data can be recovered. The backup plan must mention how frequently to back up the data, and companies are able to mitigate some losses.
April 13, 2021 at 8:32 pm
I totally agree, I could not imagine having the BCP plan and actually needing it. It would be chaos trying to put something together, all the while limited groups are able to work, revenues and profits are disappearing and investors and executives are looking for answers from anyone and everyone. I actually don’t think that more than 1% of companies would be able to survive an attack and not having a BCP in place. Unlike other areas and sectors, this is not something that can easily be done on the fly in the event of an emergency.
April 13, 2021 at 11:54 pm
In my opinion BCPs are documents for a moment in time. A fantastic BCP plan may have been written that outlined everything you need to in case of an incident, but if it hasn’t ever been tested, reviewed or updated and it’s 5 years old… Well, then you might as well serve your business on a platter for the next guy to take over.
To me plans and policy are only as good as the latest update. Technologies change, get replaced. Business processes improve or are deprecated. Business environments change as you expand or pivot. Changes may be required due to changes in infrastructure, software, people, regulation, etc. All these things affect BCP and other types of contingency plans.
Zhen Li says
April 11, 2021 at 10:27 pm
There are three ways of containment: disconnection, black-holing the attacker, and continuing to collect data. Which is the most effective?
April 13, 2021 at 5:06 pm
It depends on the purpose of the containment. If an attacker is executing the same hack that has been seen repeatedly, possibly disconnecting is the best approach. If the hack seems to be original then possibly blackholing or continuing to collect data is the best approach. SIEM monitors need to have standard operating procedures with criteria to determine which approach is to be taken with each attack.
Wenyao Ma says
April 11, 2021 at 10:56 pm
How often should the organization perform simulations in response to disasters?
April 13, 2021 at 7:19 pm
Simulations shouldn’t take up the time when most employees are accessing the network. They should be done periodically as the organization sees fit, which could be once or twice a month, every 6 months, or every year. It ultimately depends on the size of the organization, and what times of the day the fewest regular users are accessing the network.
April 13, 2021 at 7:54 pm
I think simulations should be performed at least once a year. This ensures that the plan is updated and accurate. If a key resource in the plan has left the organization, this can be a great exercise to help the new resource come up to speed. Similar to Krish’s response, the simulation should occur when users will be impacted the least. This may differ based on the industry of the organization. For a retail company, they may want to avoid tests on the weekends.
April 11, 2021 at 11:11 pm
How are Honey Pots critical to Security Infrastructure?
April 13, 2021 at 3:06 am
Honeypot technology is meant to entice hackers by being easy to penetrate and appearing to contain desirable information. The honeypot can reveal where attackers are coming from, and the information gathered when hackers are lured in helps understand their motivation and behavior. Honeypotting can also be used to deflect attacks from actual targets.
Kyuande Johnson says
April 11, 2021 at 11:37 pm
What are the differences between an Intrusion Detection System and an Intrusion Prevention System?
April 12, 2021 at 1:07 am
The main difference between IDS and IPS: IDS mainly detects the inside of the system, runs on the monitored host, and monitors the host’s network behavior, system log, process and memory, and other indicators; IPS acts on the firewall and external network of the system and analyzes the flow to the inside.
April 13, 2021 at 3:01 am
IDS are monitoring systems and IPS are control systems. IDS won’t alter network traffic while IPS prevents packets from delivering based on the contents of the packet, similar to how a firewall prevents traffic by IP address.
April 14, 2021 at 11:37 am
The main difference between them is that IDS is a monitoring system, while IPS is a control system.
IDS doesn’t alter the network packets in any way, whereas IPS prevents the packet from delivery based on the contents of the packet, much like how a firewall prevents traffic by IP address.
Intrusion Detection Systems (IDS): analyze and monitor network traffic for signs that indicate attackers are using a known cyberthreat to infiltrate or steal data from your network. IDS systems compare the current network activity to a known threat database to detect several kinds of behaviors like security policy violations, malware, and port scanners.
Intrusion Prevention Systems (IPS): live in the same area of the network as a firewall, between the outside world and the internal network. IPS proactively denies network traffic based on a security profile if that packet represents a known security threat.
April 11, 2021 at 11:42 pm
What key controls do you feel are the most important to implement or ensure that an organization has in place?
April 11, 2021 at 11:56 pm
A hot site should be implemented as a recovery strategy when the Recovery Time Objective (RTO) is high or low?
April 13, 2021 at 12:01 am
When the RTO is low. If this time gap is short, a recovery strategy that can be implemented in a short time should be used.
April 12, 2021 at 8:41 am
While many IDS solutions will pull log files from the various devices, parse them, and present them to the analyst in a readable form, sometimes you may have to go into a machine and dig through log files yourself. Are there any commands or software you have run into that could make combing through endless log files any easier?
April 12, 2021 at 4:54 pm
What are the benefits of a business impact analysis?
April 13, 2021 at 2:55 am
BIA can help to identify the potential impact of business disruptions resulting from uncontrolled, non-specific events on the institution’s business functions and processes, and to assess and prioritize all business functions and processes, including their interdependencies, as part of a workflow analysis.
April 13, 2021 at 6:58 pm
The organization can summarize some form of BIA report. The report may be useful in considering risk management and understanding the potential impact of different business interruption scenarios.
April 13, 2021 at 8:50 pm
Business impact analysis (BIA) is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency. BIA is needed as it identifies scenarios that could potentially cause losses to the business and through this the business can come up with a plan for investment in recovery, mitigation and prevention strategies. With the due diligence of a business impact analysis in hand, a business has a well thought out plan to recover from a disaster. Information gathered in the BIA assists in determining the Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO). RPO is the ability to recover files by specifying a point in time to restore the backup copy. RTO measures the time it takes for a system to be completely up and running in the event of a disaster.