LABS
LAB - 7
1. On your local computer, create a new document. You will use this document as your Lab Report.
2. On your local computer, open a new web browser window.
3. Using your favorite search engine, search for information on a business impact analysis (BIA).
4. In your Lab Report file, define BIA.
5. Using your favorite search engine, search for information on a business continuity plan (BCP).
6. In your Lab Report file, define BCP and explain how a BIA fits within a BCP.
7. Review the business functions in the following table:
|
Business Functions |
|
Internal and external voice communication with customers in real time |
|
Internal and external e-mail communication with customers via store and forward messaging |
|
Domain Name Server (DNS) for internal and external Internet Protocol (IP) communications |
|
Internet connectivity for e-mail and store and forward customer service |
|
Self-service website for customer access to information and personal account information |
|
e-Commerce site for online customer purchases or scheduling 24 x 7 x 365 |
|
Payroll and human resources for employees |
|
Real-time customer service via website, e-mail, or telephone requires customer relationship management (CRM) |
|
Network management and technical support |
|
Marketing and events |
|
Sales orders or customer/student registration |
|
Remote branch office sales-order entry to headquarters |
|
Voice and e-mail communications to remote branches |
|
Accounting and finance support: Accounts payable, Accounts receivable, etc. |
8. In your Lab Report file, list a qualitative business impact value of Critical, Major, Minor, or None for each function.
Note: For a descriptive comparison of qualitative versus quantitative risk assessment, read this article: https://www.sans.org/reading-room/whitepapers/auditing/data-centric-quantitative-computer-security-risk-assessment-1209
9. In your Lab Report file, list the IT systems, applications, and resources that are impacted for each of the functions.
10. In your browser, navigate to http://searchdisasterrecovery.techtarget.com/feature/Using-a-business-impact-analysis-BIA-template-A-free-BIA-template-and-guide/ .
11. Read the article titled “Using a business impact analysis (BIA) template” for guidance on writing a business impact analysis. Consult the article for the meaning of the terms recovery time objective (RTO) and recovery point objective (RPO).
12. In your Lab Report file, assess the recovery time objectives (RTO) for each of the impacted IT systems, applications, and resources.
13. Write a four-paragraph executive summary that includes the following:
· Goals and purpose of the BIA (unique to your scenario)
· Summary of findings (business functions and assessment)
· Prioritizations (critical, major, and minor classifications)
· IT systems and applications impacted (to support the defined recovery time objectives)
Note: This completes the lab. Close the browser if you have not already done so.
LAB – 8
1) On your local computer, create a new document. You will use this document as your Lab Report.
2) Review the Mock IT infrastructure for a health care IT infrastructure servicing patient with life-threatening conditions.
Mock IT Infrastructure
3) In your Lab Report file, describe some of the major threats and vulnerabilities that might threaten areas of the Mock IT infrastructure in Figure 1.
Note: To identify critical business function areas subject to threats, consider what systems or processes are essential to business operations and are also single points of failure.
4) On your local computer, open a new web browser window.
5) Using your favorite search engine, search for information on a business impact analysis (BIA).
6) In your Lab Report file, define BIA.
7) Using your favorite search engine, search for information on a business continuity plan (BCP).
8) In your Lab Report file, define BCP and explain how a BIA fits within a BCP.
Note: In real-world scenarios, BCP testing should be as authentic as possible. Caution: It is a thin line between genuinely testing your BCP and inadvertently causing an unrecoverable business disruption. After every BCP test, however small, you will learn some lessons. Add these details to your BCP document after having tested it. Every detail can help minimize recovery time.
9) In your Lab Report file, create an outline of the BCP sections and subtopics that apply to the Mock IT infrastructure. Include these topics in your outline:
· Initiation of the BCP (introduction, definitions, relevant policy statements, BCP organizational structure, BCP declaration, BCP communications, and information sharing)
· Business Impact Analysis (risk assessment and analysis prioritizing business functions and operations aligned to IT systems, applications, and resources)
· Business Continuity/Disaster Readiness/Recovery (recovery time objective [RTO], recovery point objective [RPO], business continuity benchmarks, disaster recovery planning [DRP as a subset of a BCP plan], and recovery steps and procedures for mission-critical IT systems, applications, and data)
· Develop and Implement the Plan (the plan is a living and breathing document that requires annual updates and change control revisions; implementation and the instructions for how to engage the BCP are part of this section)
· Test and Update the Plan (the most important part of a BCP or DRP is to test the plan with a “mock” business continuity disruption or disaster scenario; tabletop reviews of the processes and procedures can be conducted to inform all BCP and DRP team members of their roles, responsibilities, and accountabilities)
Note: This completes the lab. Close the web browser if you have not already done so.
LAB - 9
1. On your local computer, create a new document. You will use this document as your Lab Report.
2. On your local computer, open a new web browser window.
3. Using your favorite search engine, search for information on recovery time objective (RTO).
4. Briefly review at least three of the first page results regarding RTO.
5. In your browser, navigate to http://www.bluelock.com/blog/rpo-rto-pto-and-raas-disaster-recovery-explained/ .
6. Read the article titled “RPO, RTO, PTO and RaaS: Disaster recovery explained.”
7. In your browser, navigate to http://www.computerweekly.com/feature/How-to-write-a-disaster-recovery-plan-and-define-disaster-recovery-strategies/ .
8. Read the article regarding disaster recovery strategies.
9. Make a backup of any Lab Reports you may have completed from this lab manual. If this is the only lab you have worked on, then make a mock Lab Report and back that one up instead.
10. Attach the file(s) to an e-mail to your personal e-mail address. You may need to send multiple e-mails depending on your e-mail’s size limitations.
Note: At this point, ask yourself questions from the perspective of recovering from a disaster: Would I be able to access this e-mail from an offsite computer? Where is the e-mail stored? If I were incapacitated, is someone else able to proceed without me? This is the mindset of someone crafting business continuity plans.
11. Verify receipt of the e-mail message(s), and then open and verify file integrity for each attachment.
12. In your Lab Report file, write the backup procedures and recovery procedures you used.
Note: Arguably, the most important section of any business continuity plan is the Procedures section. A business can plan disaster recovery scenarios extensively, carefully weighing all possible risk likelihood and impacts. However, without detailed procedures with which to execute the recovery, a business will not resume operations efficiently, if at all. And this is especially true in times of near-panic and extreme “executive oversight” immediately following a disaster. The key source for documenting accurate and helpful recovery procedures is testing.
13. In your Lab Report file, describe your personal procedures in terms of your RTO as explained in websites visited earlier in this lab.
14. Test your backup and recovery procedures per your RTO.
15. In your Lab Report file, describe ways you can lower the RTO.
Note: This completes the lab. Close the web browser if you have not already done so.
LAB – 10
1. On your local computer, create a new document. You will use this document as your Lab Report.
2. Review the Mock IT infrastructure for a health care IT infrastructure servicing patient with life-threatening conditions.
Mock IT Infrastructure
3. In your Lab Report file, identify and then document the security controls and security countermeasures you can implement throughout the Mock IT Infrastructure to help mitigate risk from unauthorized access and access to intellectual property or customer privacy data.
4. Review the steps for creating a CIRT plan as outlined in the following table:
|
Step |
Description of Step |
|
Preparation |
What tools, applications, laptops, and communication devices are needed to address computer/security incident response for this specific breach? |
|
Identification |
When an incident is reported, it must be identified, classified, and documented. During this step, the following information is needed: validating the incident; identifying its nature, if an incident has occurred; identifying and protecting the evidence; and logging and reporting the event or incident. |
|
Containment |
The immediate objective is to limit the scope and magnitude of the computer/security-related incident as quickly as possible, rather than allow the incident to continue to gain evidence for identifying and/or prosecuting the perpetrator. |
|
Eradication |
The next priority is to remove the computer/security-related incident or breach’s effects. |
|
Recovery |
Recovery is specific to bringing back into production those IT systems, applications, and assets that were affected by the security-related incident. |
|
Post-Mortem Review |
Following up on an incident after the recovery tasks and services are completed is a critical last step in the overall methodology. A post-mortem report should include a complete explanation of the incident and the resolution and applicable configuration management, security countermeasures, and implementation recommendations to prevent the security incident or breach from occurring again. |
Note: The post-mortem review is arguably the most important step as CIRT team members re-evaluate their actions with the valuable luxury of hindsight. When the CIRT members are able to look back to compare what they saw and how it related to what happened next, they can continually improve what they offer the organization.
5. In your Lab Report file, create a CIRT response plan approach according to the six-step methodology unique to the risks associated with the item you choose from the following:
· Internet ingress/egress at ASA_Student
· Headquarters’ departmental VLANs on LAN Switch 1 and 2 with cleartext privacy data
· Remote branch office locations connected through the WAN
· Data center/server farm at ASA_Instructor
Note: This completes the lab. Close the web browser if you have not already done so.