Developing Disaster Recovery Backup Procedures Lab Worksheet Assignment please answer the question on the attached files. Assessment Worksheet Developing D

Developing Disaster Recovery Backup Procedures Lab Worksheet Assignment please answer the question on the attached files. Assessment Worksheet
Developing Disaster Recovery Backup Procedures and Recovery
Instructions
Course Name and Number: _____________________________________________________
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
Lab Due Date: ________________________________________________________________
Overview
In this lab, you applied the same concepts of disaster recovery backup procedures and recovery
instructions to your own data. You explained how you can lower recovery time objectives
(RTOs) with proper backup and recovery procedures, you defined a process for IT system and
application recovery procedures, you identified a backup solution for saving your own data, and
you tested and verified your backups for RTO compliance.
Lab Assessment Questions & Answers
1. How do documented backup and recovery procedures help achieve RTO?
2. True or false: To achieve an RTO of 0, you need 100 percent redundant, hot-stand-by
infrastructure (that is, IT systems, applications, data, and so on).
3. What is most important when considering data backups?
4. What is most important when considering data recovery?
5. What are the risks of using your external e-mail box as a backup and data storage solution?
75
6. Identify the total amount of time required to recover and install the Lab Assessment Worksheet(s)
and to open the file(s) to verify integrity. (Calculate your timed RTO using your computer clock
and your documented instructions.)
7. Did you achieve your RTO? What steps and procedures can you implement to help drive RTO
even lower?
8. What are some recommendations for lowering the RTO for retrieval and access to the backup data
file?
9. If you drive RTO lower, what must you do to streamline the procedure?
10. Why are documenting and testing critical to achieve a defined RTO?
11. Why is it a best practice for an organization to document its backup and recovery steps for disaster
recovery?
12. What can you do to cut down on the recovery time for accessing, copying, and recovering your
Lab Assessment Worksheets to achieve the RTO?
13. What will encryption of a disk or data in storage do to the RTO definition when attempting to
retrieve and recover cleartext data for production use?
14. How many total steps did your backup and recovery procedures consist of for this lab exercise?
Are there any that can be combined or streamlined?
Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com
Student Lab Manual
15. If the individual accessing the system for disaster recovery purposes were not familiar with the IT
system and required system administrator logon credentials, what additional step would be
required in the recovery phase?
JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES
LABORATORY MANUAL TO ACCOMPANY
Managing Risk
in Information
Systems
VERSION 2.0
Powered by vLab Solutions
INSTRUCTOR VERSION
Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.
Lab #10 Creating a CIRT Response Plan for a Typical
IT Infrastructure
Introduction
When a company experiences a computer incident, its security team that collects and
monitors incidents must make a decision. That decision is whether the incident is benign,
or whether it signals a greater problem, such as an attempted (or successful) security
breach.
When people hear “security breach,” they often imagine sinister hackers bypassing
firewalls to steal top secret plans. The attack might be one of thousands, a “noisy” spray
of exploits across a network. Or the attack might be targeted solely at one company and,
as the attacker hopes, more stealthy.
In any case, as different pieces of evidence are collected, it becomes easier to confirm
whether a breach really has occurred and, if so, how it must be handled by a specialized
team of security professionals. These special teams are referred to as computer incident
response teams (CIRTs). A CIRT team operates on the actions laid out in a CIRT plan.
The purpose of a computer incident response team (CIRT) plan is to mitigate risks found
in the seven domains of a typical IT infrastructure.
When tasked to manage a security breach, a CIRT team will identify, analyze, and
contain the extent of the security breach. Then they will get rid of the breach and
whatever traces—a virus or other malware—were left behind. Next, as some business
functions might have been affected, the CIRT team helps recover from the breach. Lastly,
the CIRT team discusses and improves its CIRT plan based on lessons learned during a
review session.
In this lab, you will explain how CIRT plans mitigate risks, you will identify where CIRT
monitoring and security operation tasks occur throughout an IT infrastructure, you will
identify the security controls and countermeasures that mitigate risk, and you will create a
CIRT response plan.
Learning Objectives
Upon completing this lab, you will be able to:
Explain how a CIRT plan can help mitigate risks found in the seven domains of a
typical IT infrastructure.
90
Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.
93
Hands-On Steps
Note:
This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to
Microsoft® Word or another compatible word processor. For some labs, you may also need access to a
graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for
information on creating the lab deliverable files.
3. Review the Mock IT infrastructure for a health care IT infrastructure servicing
patients with life-threatening conditions (see Figure 1).
Figure 1 Mock IT infrastructure
4. Identify and then document the security controls and security countermeasures you
can implement throughout Figure 1 to help mitigate risk from unauthorized access
and access to intellectual property or customer privacy data.
Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com
Instructor Lab Manual
Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.
94 | LAB #10 Creating a CIRT Response Plan for a Typical IT Infrastructure
5. Review the steps for creating a CIRT plan as outlined in the following table:
Step
Preparation
Identification
Containment
Eradication
Recovery
Post-Mortem Review
Description of Step
What tools, applications, laptops, and
communication devices are needed to
address computer/security incident
response for this specific breach?
When an incident is reported, it must be
identified, classified, and documented.
During this step, the following information is
needed: validating the incident; identifying
its nature, if an incident has occurred;
identifying and protecting the evidence; and
logging and reporting the event or incident.
The immediate objective is to limit the
scope and magnitude of the
computer/security-related incident as
quickly as possible, rather than allow the
incident to continue to gain evidence for
identifying and/or prosecuting the
perpetrator.
The next priority is to remove the
computer/security-related incident or
breach’s effects.
Recovery is specific to bringing back into
production those IT systems, applications,
and assets that were affected by the
security-related incident.
Following up on an incident after the
recovery tasks and services are completed
is a critical last step in the overall
methodology. A post-mortem report should
include a complete explanation of the
incident and the resolution and applicable
configuration management, security
countermeasures, and implementation
recommendations to prevent the security
incident or breach from occurring again.
Note:
The post-mortem review is arguably the most important step as CIRT team members re-evaluate their
actions with the valuable luxury of hindsight. When the CIRT members are able to look back to compare
what they saw and how it related to what happened next, they can continually improve what they offer the
organization.
Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.
95
6. Create a CIRT response plan approach according to the six-step methodology
unique to the risks associated with the item you choose from the following:




Internet ingress/egress at ASA_Student
Headquarters’ departmental VLANs on LAN Switch 1 and 2 with cleartext
privacy data
Remote branch office locations connected through the WAN
Data center/server farm at ASA_Instructor

Note:
This completes the lab. Close the Web browser, if you have not already done so.
Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com
Instructor Lab Manual
Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.

Purchase answer to see full
attachment