Business Continuity Plan (BCP) – Phase 3

Student's Name:

University

Course:

Professor’s Name:

Part 1: Issue-Specific Security Policies

Use of personal equipment on your company's network (BYOD)

  1. Issue Statement: The use of personal equipment on the company network (BYOD) raises security concerns due to the potential for increased risks to the confidentiality, integrity, and availability of company data.

  2. Statement of the Organization's Position: The company does not allow the use of personal equipment on the company network.

  3. Applicability: This policy applies to all company employees.

  4. Roles and Responsibilities: Employees are responsible for ensuring that their personal equipment does not connect to the company network.

  5. Compliance: Employees who violate this policy may be subject to disciplinary action, up to and including termination of employment.

  6. Points of Contact: Questions about this policy should be directed to the IT Department.

  7. Supplementary Information: To help you understand what is and is not acceptable when you bring your own device (BYOD) to connect to your company's network, we've provided the following information. Acceptable Use: You are responsible for ensuring that your device complies with your company's acceptable use policy. Your device must not be used to access, store or distribute inappropriate or illegal material; carry out any activity that is likely to jeopardize the security of the network; or bring the company into disrepute. You must also take reasonable steps to protect your device from malware and keep it up to date with security patches. Restrictions on Use: The company may place restrictions on how you use your device on the network. For example, it may restrict or prohibit access to certain websites or content; restrict or prohibit use of certain applications or services; require you to use certain security measures, such as encryption; or require you to install certain software or updates.

Internet Access Policy

  1. Issue Statement: The purpose of this policy is to define the acceptable use of the internet and to ensure the security of the organization's information assets.

  2. Statement of the Organization's Position: The organization views the internet as a valuable resource that can be used to support the organization's business objectives. However, the organization recognizes that the internet also poses risks to the security of its information assets. The organization will take measures to mitigate these risks while still allowing employees to use the internet for business purposes.

  3. Applicability: This policy applies to all employees of the organization.

  4. Roles and Responsibilities: All employees are responsible for adhering to this policy.

  5. Compliance: Compliance with this policy is mandatory.

  6. Points of Contact: The point of contact for this policy is the IT department.

  7. Supplementary Information: The organization's firewall policy and acceptable use policy should be consulted for more information on the use of the internet.

Personal use of company equipment

  1. Issue Statement: The unauthorized personal use of company equipment may result in the disclosure of sensitive information, damage to equipment, and decreased productivity.

  2. Policy Statement: The organization's position is that personal use of company equipment is allowed, provided that it does not interfere with work duties and responsibilities, and that the equipment is used in accordance with this policy.

  3. Applicability: This policy applies to all employees of the organization.

  4. Roles and Responsibilities: Employees are responsible for using company equipment in accordance with this policy.

  5. Compliance: Compliance with this policy is mandatory.

  6. Points of Contact: The point of contact for this policy is the Human Resources department.

  7. Supplementary Information: A person may use company equipment, including the company telephone, for personal use if the use is consistent with the company's guidelines and does not interfere with the company's business activities.

Removal of organizational equipment from your company's property

  1. Issue Statement: The unauthorized removal of organizational equipment from company property poses a significant security risk.

  2. Statement of the Organization's Position: The unauthorized removal of any organizational equipment from company property is strictly prohibited.

  3. Applicability: This policy applies to all organizational equipment, including but not limited to computers, laptops, smartphones, and tablets.

  4. Roles and Responsibilities: All employees are responsible for ensuring that organizational equipment is not removed from company property without prior authorization.

  5. Compliance: Employees who violate this policy may be subject to disciplinary action, up to and including termination.

  6. Points of Contact: For questions or concerns regarding this policy, please contact the IT Department.

  7. Supplementary Information: Organizational equipment must be properly secured at all times to prevent unauthorized removal.

Use of unofficial software on organizational devices

  1. Issue Statement: The unauthorized use of unofficial software on organizational devices poses a serious security risk. Unofficial software may not be properly vetted and could contain malware or other security vulnerabilities.

  2. Statement of the Organization's Position: The organization takes a strict stance against the use of unofficial software on any organizational device. Only official, approved software may be installed and used on these devices.

  3. Applicability: This policy applies to all organizational devices, including but not limited to laptops, desktop computers, smartphones, and tablets.

  4. Roles and Responsibilities: All users of organizational devices are responsible for ensuring that only official, approved software is installed and used on these devices.

  5. Compliance: Users who violate this policy may be subject to disciplinary action, up to and including termination of employment or contract.

  6. Points of Contact: For questions or concerns about this policy, please contact the IT department.

  7. Supplementary Information: Use of unofficial software to access, copy, or distribute copyrighted works is unlawful. The Department has determined that the only lawful method of accessing the government-sponsored Federal Web site that contains the NEIS software is through the use of the Microsoft Internet Explorer browser software.

Part 3: Incident Response

Introduction

Mishandling of an incident can have a significant negative impact on Mervin INC., its reputation, and its customers. The financial industry is a sensitive area of operation that demands high levels of computer system security and incident management. In order to mitigate the damage caused by an incident, Mervin INC. must have a plan in place to respond quickly and effectively. In recent years, there has been a surge in incidents within the financial industry. Financial institutions are targeted due to the sensitive nature of the information they store, which can include customer data, financial records, and other confidential information (Green et al., 2020; Idler et al., 2014). An incident response plan (IRP) outlines the steps that an organization will take in the event of a data breach and provides a framework for how the organization will manage the situation. In this essay, the actions to be taken in case of a ransomware attack, power failure, and ISP failure will be evaluated, as will the process of managing a situation where a business location is rendered unusable.

Ransomware attack on one PC/user

Ransomware is a type of malware that encrypts a user's files and demands a ransom to decrypt them. Ransomware can infect a system in many ways, such as through phishing emails, infected websites, or malicious advertisements. Ransomware can be very difficult to remove, and sometimes the only way to remove it is to restore the system from a backup. An attack can be a very costly affair, and it can also lead to the loss of sensitive data (Naseer et al., 2020). Additionally, ransomware can disrupt business operations, and it can be difficult to recover from such an attack.

According to the Incident Response Plan (IRP), Mervin INC should not pay the ransom and should try to remove the ransomware through its in-house IT teams. There are many tools and resources available to help remove ransomware. If the company does not have a backup of the files, then it might have to pay the ransom to get its files back. However, it should only pay the ransom if it is sure that it will be able to get the files back.

When attacked by ransomware, immediately disconnect the affected PC/user from the network. Do not pay the ransom. Restore the affected PC/user from backups, if available; it is therefore important for the company to find a proven and tested cloud computing vendor to provide a backup system. Run a malware scan on the affected PC/user, which will identify other gateways that might be used to attack the system. Once all the red flags have been evaluated, the systems can be brought back online to provide services (Green et al., 2020; Naseer et al., 2020). Change all passwords for the affected PC/user. All affected employees should be taken through development programs to ensure they understand the dangers of poor password management.

After ensuring all the systems are audited, all the relevant personnel who might help prevent future attacks are notified. This can include external IT vendors and IT specialists. Continuous monitoring of the affected PC/user should continue in order to identify any unusual activity. Attackers will usually research the company, find out as much as possible about its systems and networks, and then target a specific department or specific computers at Mervin INC.; this makes it easier to monitor for unusual activity. Therefore, an audit of employees to weed out rogue employees is necessary.



Power failure

According to the incident response plan (IRP), power failures are inevitable in any organization. Therefore, Mervin INC should implement the IRP as a mandatory part of its strategy; otherwise, there will be no excuse for failures. Power failure can have a major impact on any organization, large or small. Disruption of critical operations can cause significant financial losses, damage to reputation, and even loss of life (Idler et al., 2014). It is important to have a well-developed IRP in place to minimize the impact of a power failure and ensure a quick and effective response.

The objectives of the IRP during a power failure should be to:

1. Minimize the impact of a power failure on operations. Therefore, backup generators and systems should be automatic.

2. Restore power as quickly as possible. Emergency services should be reached, and the cause of the power failure should be identified.

3. Ensure the safety of employees and customers. The process of guaranteeing employees and customers are safe is through following the set guidelines on evacuation and closing of computer systems in a power failure.

The IRP objectives apply to all power failures that occur at Mervin INC, regardless of cause. Any limitation to this scope should have a special clause in the IRP; otherwise, confusion will be inevitable. The incident commander will be responsible for the overall coordination of the response effort. Other key personnel will include the following:

1. Facilities manager: responsible for assessing damage and coordinating repairs

2. Safety officer: responsible for ensuring the safety of employees and customers

3. IT manager: responsible for coordinating the recovery of critical systems

4. Communications manager: responsible for coordinating internal and external communications

Procedures

The following procedures should be followed in the event of a power failure according to the incident response plan:

1. Notify all employees of the power failure and instruct them to follow safety procedures

2. Evacuate all customers from the premises. The evacuation should be organized to prevent panic, which would make the situation even worse.

3. Isolate all damaged equipment and systems. The process should be systematic; otherwise, gaps and inconsistencies will lead to crucial financial services failing.

4. Notify the utility company and request the restoration of power (Idler et al., 2014).

5. Notify local authorities as appropriate. If the power failure was caused by rogue employees, then legal action can be taken.

6. Begin recovery procedures for critical systems.

7. Notify employees of the status of repairs and expected return to service.

Communication during a power failure should be clear and concise. All employees should be made aware of the incident and instructed to follow safety procedures. Customers should be notified of the power failure and evacuated from the premises. Local authorities should be notified as appropriate. The utility company should be contacted to restore power (Naseer et al., 2020). Communication will also ensure sensitive infrastructure is not disrupted, as outsourced vendors will fill the gaps. Mervin INC's financial services will continue uninterrupted, which protects its reputation and reduces the overhead costs associated with litigation that might otherwise arise.

A power failure can have a major impact on any organization. It is important to have a well-developed incident response plan in place to minimize the impact of a power failure and ensure a quick and effective response.

ISP failure

The IRP applies to all ISP-related outages, including those caused by hardware or software failures, power outages, network outages, and natural disasters. This ensures a holistic approach to the incident. The most important step is identifying an ISP failure; if it goes unrecognized, it will cause the failure of dependent systems, and by then it might be too late to respond. ISP failures can be reported in a variety of ways, including through customer support channels, network monitoring tools, and social media. During an incident, the customer support channels will receive complaints and feedback from Mervin INC's clients, which are used to reach the IT team and the IR team. Network monitoring tools can also send automatic messages to vendors to notify them of an outage. Once an ISP outage is identified, the IRP states that the appropriate personnel should be reached. This may include the ISP support team, network administrators, and/or the incident response team. They will identify the scope of the outage, which may include identifying the affected locations, services, and customers. The support team can begin collecting information about the outage (Idler et al., 2014; Naseer et al., 2020). This may include gathering logs, network data, and customer reports. The last step is to activate the incident response plan.
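The detection step described above, as an added example that is not part of the original plan: a small Python classifier that takes the results of connectivity probes (to the LAN gateway, the ISP edge router and several independent external targets) and decides whether monitoring has seen an ISP failure, an internal fault or a single remote service outage, then maps the verdict to the personnel the IRP names. The hostnames, roles and probe results are constructed sample data, and how the probes themselves are taken (ping, TCP, DNS) is assumed and not shown.

```python
"""Classify a connectivity outage from monitoring probe results.

Added example, not part of the original plan: decide whether a failure seen by
network monitoring is an ISP outage, an internal fault, or one remote service
being down, so the right people named in the IRP are contacted. All target
names and probe results below are constructed sample data."""
from dataclasses import dataclass

@dataclass(frozen=True)
class ProbeResult:
    target: str      # constructed hostname of the probed device or service
    role: str        # "gateway" (LAN), "isp_edge" (ISP router) or "external"
    reachable: bool  # outcome of the probe, taken as given here

ISP_FAILURE = "ISP_FAILURE"
INTERNAL_FAILURE = "INTERNAL_FAILURE"
REMOTE_SERVICE_FAILURE = "REMOTE_SERVICE_FAILURE"
HEALTHY = "HEALTHY"

# Who the IRP says to reach for each verdict (ISP support, network admins, IR team).
ESCALATION = {
    ISP_FAILURE: ["ISP support team", "network administrators", "incident response team"],
    INTERNAL_FAILURE: ["network administrators", "incident response team"],
    REMOTE_SERVICE_FAILURE: ["network administrators"],
    HEALTHY: [],
}

def classify_outage(results, external_threshold=0.5):
    """Return one of the four verdict constants. Order of checks matters:
      1. LAN gateway unreachable -> internal fault, not the ISP's problem.
      2. Every external target up -> healthy, even if the ISP edge router
         ignores probes (edge routers often drop ICMP).
      3. More than `external_threshold` of the independent external targets
         down -> ISP failure; several targets are needed so that one site
         being offline does not page the ISP.
      4. Partial external loss plus unreachable ISP edge -> ISP failure.
      5. Otherwise a remote service is down, not the ISP.
    """
    gateway = [r for r in results if r.role == "gateway"]
    edge = [r for r in results if r.role == "isp_edge"]
    external = [r for r in results if r.role == "external"]
    if not gateway or not external:
        raise ValueError("need at least one gateway and one external probe")
    if not all(r.reachable for r in gateway):
        return INTERNAL_FAILURE
    failed = sum(1 for r in external if not r.reachable)
    if failed == 0:
        return HEALTHY
    if failed / len(external) > external_threshold:
        return ISP_FAILURE
    if edge and not any(r.reachable for r in edge):
        return ISP_FAILURE
    return REMOTE_SERVICE_FAILURE

def affected_scope(results):
    """Sorted list of unreachable targets: the scope the IRP asks the team to record."""
    return sorted(r.target for r in results if not r.reachable)

# Constructed sample: LAN gateway fine, ISP edge and all external targets unreachable.
SAMPLE_ISP_OUTAGE = [
    ProbeResult("lan-gateway.example.internal", "gateway", True),
    ProbeResult("isp-edge.example.net", "isp_edge", False),
    ProbeResult("dns-a.example.org", "external", False),
    ProbeResult("dns-b.example.org", "external", False),
    ProbeResult("status.example.com", "external", False),
]

if __name__ == "__main__":
    verdict = classify_outage(SAMPLE_ISP_OUTAGE)
    print(verdict, "->", ESCALATION[verdict], affected_scope(SAMPLE_ISP_OUTAGE))
```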

After the initial response has been completed, the following steps should be taken to recover from the ISP failure:

1. Notify customers of the outage and estimated recovery time. It will eliminate anxiety and ensure a negative attitude towards the company does not develop.


2. Work with the ISP to resolve the issue. This may include troubleshooting hardware or software, implementing workarounds, and/or updating configurations.

3. Test the recovery procedures. This may include testing connectivity, performance, and functionality.

4. Implement the recovery procedures.

5. Monitor the recovery process. This may include monitoring system performance and customer satisfaction.

6. Update customers on the recovery status.

7. Close the incident.

The IRP has also provided guidelines to prevent future ISP failures. They help to reduce overhead costs and improve accountability. The leadership of Mervin INC can use the incident as a learning opportunity, preventing employee burnout and irregular management of ISP failures in the future (Idler et al., 2014). Prevention of future ISP failures begins with reviewing the cause of the outage. This may include root cause analysis, post-mortem analysis, and/or lessons learned. Secondly, implementing changes to prevent similar outages is necessary; changing the status quo also leads to increased alerting on such incidents. This may include changes to hardware, software, configurations, processes, and/or procedures.

Thirdly, test the changes. This may include testing in a lab environment and/or in a production environment. If the piloting stage is successful, the changes should be fully implemented. The changes should then be monitored for a specific period of time, which may include monitoring system performance and customer satisfaction. Key performance parameters will act as a guide to the final audit of the IRP (Naseer et al., 2020). If there are major changes, then updating the incident response plan is necessary for future reference. This incident response plan (IRP) provides guidance on how to respond to an ISP failure. This IRP should be reviewed and updated on a regular basis to ensure that it remains current.

Challenges of an Incident Response

1. Lack of preparedness: Most organizations are not prepared for incident response. They lack the necessary policies, procedures, and tools to respond effectively to an incident.

2. Lack of awareness: Many organizations are unaware of the importance of incident response or the potential benefits it can provide. As a result, they are often unprepared to deal with incidents when they occur.

3. Lack of training: Many incident response teams lack the necessary training to respond effectively to incidents. This can lead to delays in response time and ineffective responses (Idler et al., 2014; Green et al., 2020).

4. Lack of resources: Incident response can be resource intensive, and many organizations lack the necessary resources to respond effectively to incidents. This can include personnel, financial, and technical resources.

5. Complexity: Incident response can be complex, and many organizations lack the necessary expertise to respond effectively to incidents. This can lead to delays in response time and ineffective responses.

Disaster Ruining Current Business Location

The first step is to identify what critical business functions need to be maintained during and after a disaster. The second step is to develop plans and procedures for how those critical business functions will be maintained; reaching out to incident response experts is necessary here. Thirdly, identify what resources (e.g., people, equipment, facilities, etc.) are needed to maintain those critical business functions. This will ensure accountability and transparency in a process that can become chaotic if not efficiently monitored. The next step is to identify any risks that could impact the ability to maintain those critical business functions and develop mitigation plans accordingly. The risk management process is technical and might demand a separate budget, not only to hire experts but also to increase technology integration to support services.

Next, develop and implement a communication plan to ensure all stakeholders are kept up to date on the status of critical business functions during and after a disaster. Then test and exercise the plans and procedures regularly to ensure they are effective and up to date. Testing should involve a small portion of the business operations so that gaps that could be used to attack a system are not opened (Naseer et al., 2020). The plans and procedures are then monitored and updated regularly as needed, based on changes in the business, environment, etc. The last step is reviewing and revising the plans and procedures regularly to ensure they are still effective and address any new risks that may have arisen. In this way the disaster will be well managed and all resources will be protected. As the business looks for a new location, its operations will still be guaranteed, and customers will not be lost.

Conclusion

In conclusion, the purpose of an incident response plan is to provide a structured approach for responding to an information security incident. The plan should be tailored to the organization's specific needs and should be reviewed and updated on a regular basis (Green et al., 2020). An incident response plan either for ransomware, power failure, or ISP failure should include the following components:

1. A list of incident response team members and their contact information

2. A list of incident types and associated response procedures

3. A list of tools and resources needed to execute the response plan

4. A communications plan for internal and external stakeholders

5. A post-incident review and improvement process

An incident response plan should be tested periodically to ensure that it is effective and up-to-date. The plan should be reviewed and updated after each incident to ensure that it remains relevant and effective.

References

Ahmad, A., Desouza, K. C., Maynard, S. B., Naseer, H., & Baskerville, R. L. (2020). How integration of cyber security management and incident response enables organizational learning. Journal of the Association for Information Science and Technology, 71(8), 939-953. https://asistdl.onlinelibrary.wiley.com/doi/abs/10.1002/asi.24311

Harsch, A., Idler, S., & Thurner, S. (2014, May). Assuming a state of compromise: A best practise approach for SMEs on incident response management. In 2014 Eighth International Conference on IT Security Incident Management & IT Forensics (pp. 76-84). IEEE. https://ieeexplore.ieee.org/abstract/document/6824083/

Staves, A., Balderstone, H., Green, B., Gouglidis, A., & Hutchison, D. (2020, May). A framework to support ICS cyber incident response and recovery. In the 17th International Conference on Information Systems for Crisis Response and Management. https://eprints.lancs.ac.uk/id/eprint/143070/