Benchmark - Developing Contingency Strategies For Information System
Benchmark – Developing Contingency Strategies for Information System
Adrian Andrade
Grand Canyon University
ITT-430
Timothy Montgomery
Due November 5, 2023
Company: Canyon Aeronautics
List of Threats:
- System misconfigurations
- Out-of-date and unpatched software
- Missing or weak authorization credentials
List of Threats and Their Impact from Highest to Lowest

| Threat | Impact on Company |
|---|---|
| System Misconfigurations | High |
| Out-of-Date Software | High |
| Weak Authorization Credentials | High |
List of Threats and Their Impact from Highest to Lowest + How Loss of System will Impact Company

| Threat | Impact on Company | How the Loss of the System will Impact the Company |
|---|---|---|
| System Misconfigurations | High | Losing our data or assets in our company is very, very damaging (depending on the asset). If the asset is something super confidential, then the losses will be heavy, we would lose an enormous amount of money, and reputation. However, the losses wouldn't be as severe if the assets were of less importance. |
| Out-of-Date Software | High | |
| Weak Authorization Credentials | High | |
List of Threats and Their Impact from Highest to Lowest + How Loss of System will Impact Company + Appropriate Measures to Recover from each Threat

| Threat | Impact on Company | How the Loss of the System will Impact the Company | Appropriate Measures to Recover from each Threat |
|---|---|---|---|
| System Misconfigurations | High | Losing our data or assets in our company is very, very damaging (depending on the asset). If the asset is something super confidential, then the losses will be heavy, we would lose an enormous amount of money, and reputation. However, the losses wouldn't be as severe if the assets were of less importance. | For system misconfigurations, the best way to recover is to get all employees back on board and on the way to recovering everything. Next is to find where the system misconfigurations are, and patch them. Correctly configure each system configuration to ensure that the threat can no longer affect the company, and the crisis can be averted. |
| Out-of-Date Software | High | | The best way to recover from out-of-date software is to update the software. The whole issue arose from software being out-of-date. The next thing to do is to configure each device to auto-update at a certain time of day. This way, the software is more likely to be up-to-date in the future. Of course, the employees will need to be trained on this, and know what to do when the system needs to update. |
| Weak Authorization Methods | High | | The best way to recover from weak authorization credentials is to set up a multi-step process, and make it required to authenticate with more than just user credentials, like a username or password. The other authentication methods could be biometrics, smart-card, one-time passwords via phone number or email, etc. |
Incident Response Plan (IRP)
In this plan, we will describe the steps to take when a cyber incident occurs (due to one of our threats
being exploited, such as weak credentials or system misconfigurations). This plan will outline the roles
and responsibilities of the security organization, from users to the CISO, and our reporting guidelines.
Moreover, this plan will articulate activities to mitigate possible or real-time threats (key examples are
system monitoring and incident response).
Alongside that, this plan will display workflow diagrams from event to resolution, an explanation of the six
stages of incident handling as they relate to the company, escalation procedures with an associated chart, a
sample incident response plan (IRP) to be used to mitigate possible or real-time threats with escalation
matrices and contact grids, and a description of incident response strategies incorporating real-time
monitoring tools and regulatory requirements.
In this section, we will show the names of our employees and their roles in the event of a security breach:
1. Bruce Wayne – Customer Service Supervisor
2. Clark Kent – Marketing Manager
3. Arthur King – Help Desk Specialist
4. Jack White – Cybersecurity Analyst
5. Peter Parker – Network Engineer
In this section, we will list the guidelines for reporting a possible attack on customer data:
a. Document the threat and track the information leaked.
b. Inform the information security officer to begin the incident response plan process, which includes informing all employees of the breach and ensuring every team member who has a responsibility for the incident responds accordingly.
c. Consult with the marketing team to create a press release with information regarding the security breach and an email to potentially affected customers.
d. Discuss the breach within the customer service team in order to create procedures for answering customer questions via phone and email regarding the information leak.
e. Run security patches to fix the network and ensure no further issues.
f. Run penetration testing to identify any areas of weakness in security points.
g. Verify that the security breach is over and the website is operating again.
h. Reevaluate security systems and verify hackers can't replicate the incident.
In this section, we will outline all the activities you can take to mitigate a possible or real-time threat.
1. Scan all inventory
2. Remove unnecessary or unexpected hardware and software from the network
3. Reduce attack surface
4. Cyber Risk Mitigation
In this section, we will give an example workflow diagram that starts from the inception of an incident and runs to
its resolution.
In this section, we will outline the six stages of incident handling in the context of our company, Canyon
Aeronautics.
The stages are: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.
The first stage, Preparation, relates to the assembling of a cybersecurity team. The second stage,
Identification, relates to finding out about a potential incident. The third stage, Containment, is
implemented when an incident has been identified in the second stage. If an incident has
been identified, the incident must be halted before it causes further damage. The fourth stage,
Eradication, is about eliminating the incident. The fifth stage, Recovery, is about
licking your wounds, mopping up any damage that was caused, and bringing everything back to normal.
The last stage, Lessons Learned, is about learning from the incident and doing better in the future.
In this case, if our company was hit and our prized aerospace blueprints were taken, then we must be
prepared for it, then identify it, contain it, destroy it, recover from it, and learn from it.
In this section, we will go over all escalation procedures in our incident response plan, along with its
associated chart.
5. When should potential scenarios be escalated? (Identification)
6. Who should be notified? (Who?)
7. How should an escalation be communicated? (How?)
8. What should happen during the escalation process? (What should be done?)
In this section, we will present a sample incident response plan with escalation matrices and contact
grids.
Company name: Canyon Aeronautics
Effective date: October 31st, 2025
Purpose: This plan will describe the steps to cover all related cyber incidents at Canyon Aeronautics. This
plan will provide a list of employees and their roles in the case of an incident, as well as any policies and
procedures to follow to ensure normal business operations.
We will list all the employees to inform during an incident and their roles or responsibilities during an
incident.
- Ron Stewart – Cybersecurity Analyst
- Lana Rhoades – Information Officer
- Bart Simpson – Chief Security Officer
- Nippy Turner – Help Desk Specialist
Example Escalation Matrix

|    | S1 | S2 | S3 | S4 |
|---|---|---|---|---|
| P1 | Critical | Critical | Urgent | Important |
| P2 | Critical | Urgent | Important | Normal |
| P3 | Urgent | Important | Normal | Normal |
| P4 | Important | Normal | Normal | Normal |
In this section, we will outline possible incident response strategies while incorporating real-time
monitoring tools.
a. Containment, Eradication, and Recovery
b. Post-incident Activity
c. Recover
d. Plan things out ahead of time
e. Use IDS and IPS
Disaster Recovery Plan (DRP)
The purpose of this DRP is to better prepare our employees for a disaster, should one occur.
In this plan, we will go over a wide variety of topics, such as roles and responsibilities, resource and
training requirements, an explanation of an exercise to test the DRP in a predetermined scenario, and
maintenance schedules.
In this section, we will outline our employees and their respective responsibilities during the event of a
disaster.
- Gregory Simpson – Chief Executive Officer
- Homer Mathews – Office Cook
- Ana Tores – Secretary
- Tara Strong – Chief Security Officer
- Martha Ying – Intern
In this section, we will outline our resource requirements.
For a rainy day, we must have:
a. A week's worth of rations
b. Lots of water
c. A flare and flare gun
All employees must be trained in:
a. Where all the exits are
b. Where to find the nearest fire extinguishers
c. Where all the first aid stations are
One example scenario could be a tornado, during which all employees must stay in the building, preferably in
an underground basement (somewhere that is subterranean). With a week's worth of rations, water, and
survival supplies, everything should be fine.
Once a disaster has passed, maintenance follows, so here we will outline the maintenance schedule. Maintenance
should take place every Thursday to Friday. If those days are not available, please speak with your manager
or representative about the issue.
Business Continuity Plan (BCP)
In our BCP, we will use a hot site usage strategy, as many of our locations are set in deserts (Arizona,
Utah, and Texas). This strategy will benefit our company, as each of our locations is in one of the
hotter regions of the United States.
Our company will use the hot site strategy as effectively as possible. This is to maximize efficiency and support for
our people. This will also help sustain our usage strategy. And with that, we are finished with how
we will use and sustain our usage strategy.
In our BCP, we will also detail our critical systems/assets recovery procedures:
a. Recover as much as possible, quantity over quality
b. Prize the most useful assets over the least useful
c. Go in with an open mind