ICTSAS526 Project Portfolio 1
School: Lead College Parramatta
Course: ICTSAS526
Subject: Information Systems
Date: Dec 6, 2023
Project Portfolio
ICTSAS526 - Review and update disaster recovery and contingency plans
BSBWRT301 Write simple documents
Trainer Guide
CONTENTS
Section 1: Review ICT system and threats and risks
Section 2: Develop disaster recovery and contingency plan
Student name: Md Safiyan Ahmed
Assessor: Fredro Harjanto
Date: 19/11/2023
Business this assessment is based on: Grow Management Consultants
Section 1: Review ICT system and threats and risks
Business information
Summarise what the business does and its key products and services. Additionally, describe the security environment in which the business operates, as well as statutory and commercial requirements that the business needs to abide by. Give at least three examples of statutory/commercial requirements and their link to disaster planning.
Grow Management Consultants is a management consultancy
company specialising in providing services to companies to assist
them to improve the leadership performance of their staff. The
company also offers a range of other services including professional
development workshops, as well as an extensive library of e-books
which are sold through an online shop. The e-books are very
popular and focus on a wide range of leadership themes.
Grow Management Consultants staff all work remotely in their own
homes (all located within 10 km of each other). Staff include the
CEO, Paul Burns supported by three Principal Consultants who
provide consulting services and write the e-books. A Customer
Service Officer answers all customer enquiries and processes
orders for consulting services and workshops.
eBooks are stored on the company’s internal system, OneDrive and
link directly to the online shop so that if changes are made, this
automatically updates on the shop. The e-books are the company’s
main source of income so any disruption to the online shop would
have an immediate impact on the company’s functions.
Further, any disruption to the existing software, Microsoft Office for
Business hosted through OneDrive will have a significant impact as
consultants will not be able to carry on with their critical consulting
work which drives clients to the online shop.
For the purposes of this assessment, you are to assume you are an
ICT professional contracted to prepare a disaster recovery plan.
It is noted that the business does not have any specific statutory or
commercial requirements to abide by other than the usual
legislative requirements for businesses.
It is also noted that the business uses Xero for its accounting
system and stores staff and customer information as Microsoft Word
documents. These systems are all critical.
The company is in a strong financial position and is prepared to put
forward at least $20,000 per year to assist in prevention measures
to assist with mitigating disaster.
Staff knowledge of cyber security threats is limited. There is no
specific policy on anti-virus software or firewalls.
Critical functions
Identify and describe the critical business functions that would significantly threaten the business if they were to be disrupted or unavailable for a certain period of time. Further identify and describe the critical data that the business holds, as well as software that also contributes to critical business functions. Explain the business’ requirements in terms of contingencies.
Corporate programmes come in a variety of forms to assist
entrepreneurs in lowering administrative expenses, boosting output,
and enhancing profitability. Microsoft 365 is an office productivity
tool that offers many advantages, including excellent performance,
data storage, and mobile use. In addition to being well-known,
Microsoft operates online, allowing you to keep your projects online
and access them from any device without compromising the quality
of your work.
All in all, it surpasses its rivals in terms of utility and offers
everything you need. A large selection of enterprise toolkits is
offered by Zoho. Numerous functions, including sales,
maintenance, IT, personnel, accounting, teamwork, and project
planning, are covered by this software and these solutions.
Securing these cutting-edge technologies will necessitate the use of
the company's backup interconnection and surveillance systems, in
addition to a likely consequence. Resiliency link could be used to
make sure that the right subsystems keep working even if some
competencies aren't available. To prevent hackers or poachers from
accessing the internet and the data it seems to store, we can also
employ security measures.
Threats and risks
Identify at least five threats (both internal and external) to the business’ ICT systems and the associated risks this poses. Identify and evaluate risk controls (prevention and recovery options) to mitigate or prevent threats. Evaluate these risk controls in terms of the business’ cost constraints and overall requirements.
Any malicious act carried out with the intention of stealing or corrupting data, breaking a link that has been made, or upsetting the organisation is considered a security hazard.
Computer viruses are malicious software programmes created to compromise a business's network, data, and infrastructure. Their main purpose is to remain active on the compromised machine and infect new systems. The use of powerful antivirus software can stop them.
A botnet is a network of Internet-connected devices, including servers, PCs, mobile platforms, and Internet of Things (IoT) gadgets, that are infected with and under the direct control of a specific type of malware. Botnet malware typically searches the internet for harmful activity. Updating software and using anti-botnet programmes can help solve this kind of problem.
Phishing attacks are a type of cybercrime that employ deception to fool people into revealing personal information and going against established screening protocols. Users should refrain from installing free versions from dubious domains, downloading components, or clicking links in emails from unknown senders.
In a distributed denial-of-service (DDoS) attack, several hacked devices attack a target, such as a website, the internet, or another corporate network, causing the target to become unusable. Such issues can be avoided by utilising technologies to continuously check connections and estimate how much internet a site requires overall.
With the aid of a computer tool called an exploit kit, a non-programmer can create, modify, and distribute malware. A business should implement antimalware software and a security policy that continuously evaluates whether its security precautions are appropriate and offer threat protection.
Section 2: Develop disaster recovery and contingency plan
Industry standard procedures
Conduct research and then report on industry standard procedures for disaster recovery and contingency planning. Describe these standard procedures and how you will ensure that they are reflected in your disaster recovery and contingency plan.
The many guidelines and protocols for disaster recovery and backup plans are as follows:
Organisations must incorporate network security resilience into the design and upkeep of t
systems in accordance with ISO 27001. Considering this, the controls for disaster recovery
procedures, disaster recovery, and alternatives are described in this section.
The Plan-Do-Check-Act cycle is a systematic approach that can be used to prevent, forecast,
and manage ICT destabilisation scenarios that have the potential to destroy ICT services. T
explained in the ISO 27031 part. Thus, this standard supports Security Vulnerabilities
Management as well as Business Continuity Planning.
ISO 27031 is a perfect standard for ISO 27001 resolution.
Disaster and recovery plan
Develop a disaster recovery and contingency plan in a format of your choice. Your plan should include the following as a minimum:
- The purpose of the plan.
- Threats to ICT systems and risks this presents.
- Disaster recovery and prevention strategy based on the business’ requirements, cost constraints, risks identified and standard industry procedures. Explain how your strategy addresses each of these.
- Processes/actions to be followed, including cutover criteria plan.
Remember that your plan can be a high level plan as not all incidents can be included in the plan i.e. it can be high level actions to be taken rather than specific actions in relation to ICT incidents. Your plan will allow for these to be developed specific to the ICT incident.
| Threats | Classifications of threats | Possibilities of Risks | Likelihood of danger | Risk Mitigation methods | Limitations |
|---|---|---|---|---|---|
| System weakness | Internal | High | Less | Pre-test the contrivance before starting it so that if any sections fail, they may be rectified when calamity occurs. | Past investment in evaluating and improving technology |
| Virus interruption | Internal | High | Moderate | Using encrypted tools to determine the machine at reasonable rates to detect and eliminate any spyware that may have been threatening it | Cost for buying an antivirus application |
| Power Surge | Internal | Less | High | Build an emergency power generator capable of handling power in the situation of a device and privilege breakdown. | The cost of system that depends on supplementary power generation. |
| Attacks and Phishing | External | Moderate | High | Pre-processing junk emails and staying away from third-party sources | The price of constructing a way to deter spam and Communications |
| Hiring Professionals | External | High | Less | Hire full-time IT Personnel | The expense of hiring skilled professionals |
Presentation
Write the title of your presentation here and attach it to your Portfolio.
Presentation
Attach:
Disaster recovery and contingency plan ☐
Presentation ☐
Complete this section following your presentation.
Feedback
Summarise the feedback you received here and your response to the feedback. Attach your updated disaster recovery and contingency plan based on the feedback you received.
In the past, job schedules and finances were handled differently. No
attempt has been made to link the budgetary and scheduling
constraints. By providing a straightforward and efficient approach to
measuring accomplishment that simultaneously makes use of a
finance-based and a scheduling-based methodology, earned value
can solve this issue.
These technologies allow managers to examine budgeted and
actual data in order to find overruns. In the event that actual
numbers exceeded estimates, a cost overrun was assumed, and
prices were lowered.
Task sign off
Write an email here indicating your response to the feedback and requesting final task sign off.
19th November 2023
Respected Sir,
I performed all the instructions for completing this documentation
and submitting it to you. I requested advice, and you responded
that no changes had been made, therefore I made no changes but
looked through all my formatting and paper contents.
Yours sincerely,
Safiyan