CMGT400 Week 2 Disaster Recovery and Business Continuity Plan Using the financial services scenario from the Week 2 Learning Team assignment, “Financial Se

CMGT400 Week 2 Disaster Recovery and Business Continuity Plan Using the financial services scenario from the Week 2 Learning Team assignment, “Financial Service Security Engagement,” create an 8- to 10-page Disaster Recovery and Business Continuity Plan with the following: (10-points)

Determine the recovery model for your backup and recovery strategy (5-points).
Design the backup strategy and include a diagram to document your backup strategy. Include recovery steps in your diagram (5-points).
Recommend a schedule for backups (5-points).
Explain how you will test your backup and recovery strategy
Recovery sites (5-points).
Hot site
Warm site
Cold site
Order of restoration (5-points).
Backup types (5-points).
Differential
Incremental
Snapshot
Full
Geographic considerations (5-points).
Off-site backups
Distance
Location selection
Legal implications
Legal implications
Data sovereignty
Continuity of operation (5-points).
Exercises
After-action reports
Failover
Alternate processing sites
Alternate business practices Intro To Information Assurance & Security
Instructor: Dennis Wood
Learning Team Assignment Week 5
Security Analysis (6-8 pages)
Jenn Groff, Frank Longo
Due Date: 5/13/2019
The Chief Information Security Officer (CISO) of your organization is concerned about the security of
this new system and its integration to existing systems and has requested that your
team complete the following 6- to 8-page security analysis:

Create a plan that addresses the secure use of mobile devices by internal employees and external
employees as they use mobile devices to access these applications (10-points).
The top challenges for organizations related to securing and use of mobile devices by internal and
external employees as they use mobile devices to access financial portfolios, services, and accounts:
1. Mobile device management- requires a set of tools for “activation, asset management,
troubleshooting, and retirement.” The tools and processes have to be consistent and very extensive across
multiple mobile OS platforms. Establishing a set of appropriate methods and policies is a critical step.
**An example for mobile phones, “to minimize the IT resources needed to add personal mobile devices,
using a self-service resource– part of its Mobile Device Management solution – that empowers employees
to set up their smartphones and tablets on their own. With a simple download of enterprise software
container application onto their device, employees can keep personal and professional data separate.”
2. Security for mobile devices uses secure enterprise applications and data. The employee would be
required to provide their employees with mobile access to enterprise items such as “messaging, calendar,
corporate directory systems, database systems, and internal work groups. Providing the device to the
employee, with stipulations on what and how applications and data can be installed and used would be
one way to protect the enterprise’s security and data. However, the enterprise would be able to allow the
user to utilize their own devices and plans but will need to manage the risk associated with the type of
data and applications they require, even if the app is designed for connected or offline operation, and also
if the employee owns the device.
**An example of this would include: By implementing its Security solution, the enterprise is now able to
provide its employees with secure email and access to enterprise networks and applications on devices
with iOS and Android. It is possible through the encrypted software container that holds the necessary
enterprise software for download available to the approved end users.
3. Mobile application architecture- Applications are designed to be very specific to each OS platform
and can be found In the App store for IOS, the Google play store for Android, or from the IT Enterprise
tools designed for enterprises. Controlling what users can do is a new set of challenges. “An environment
where there is little control of the end user device presents a unique set of applications management
challenges. These can be addressed by effective application development and testing.”
4. Telecom expense management – Using mobile devices in an enterprise environment increases costs
for “wireless voice and data plans.” To lower the expenses the enterprise should consider using the tools
that assign users to specific voice/data plans related to their roles in the company. The can provide “realtime controls to manage to roam.”
5. IT cost management—The more mobile devices that are added to an enterprise, it can lead to new
demands and higher costs overall. The needs range from “mobile device procurement, activation, support,
and the help desk.” To help alleviate these, the enterprise relies on “flexible deployment capabilities to
control how new expertise, headcount, and operating cost are incurred for mobile devices.
**Mobility strategy is changing from strictly offering corporate-owned smartphones to a tiered approach
that includes bring-your-own-device (smartphones and tablets) for non-customer-facing employees. To
alleviate concerns around security and control, privacy and compatibility, and complexity, the enterprise
will employ its mobility solutions.
Recommend physical security and environmental controls to protect the data center which runs the
on-site applications (10-points).
Physical Security:
Physical security is one of the essential measures designed to stay safe from intruders and keep them
away from entering the data centers. A data center should have multiple steps to stop illegal access to
resources or network equipment’s present inside.
The three physical security controls which would be commonly implemented in a data center environment
are as follows:
Protective Barriers:

Protective barriers will offer barriers like a wall or a fence which will be constructed around a
data center to stop intruders from entering the area.
Security Guard implementation:

Security Guards will play an essential role in protecting the data centers, and it is an excellent
way to implement security for a data center.
CCTV surveillance:

A CCTV surveillance will always keep an eye on the people entering or leaving the area with or
without permission.
Here are the security controls which would help in mitigating the risk:

Protective Barriers are one of the essential security measures which could stop any civilian
movement inside the data center keeping the equipment safe all day/night.

The Security Guards will keep away every civilian from entering the area without permission.

CCTV surveillance possesses alarming systems which would eventually alert the guards
about any mischievous act or theft. They can record every movement all day/night which
can be used as evidence against theirs.

Environmental Controls. The following list represents ecological controls for the on-site Data
Center: (a.) Technological monitors alert IT personnel when the room temperature is either too
hot or too cold, which could indicate a system malfunction, (b.) the Data Center houses two
backup power supply (BPS) devices in the event of a power outage, (c.) The Data Center is
equipped with monitoring equipment to alert IT personnel of water, fire, or other environmental
factors that could damage our systems

Propose audit assessment and processes that will be used to ensure that the cloud-based
CRM software provider uses appropriate physical security and environmental controls to
protect their data centers which run your cloud-based CRM software (10-points).
CRM Software Provider. The cloud-based CRM software provider utilizes a CloudAudit solution to
ensure physical and environmental controls are in place to protect their cloud-based data centers.
Develop identity and access management policies for both the on-site systems and the cloud-based
CRM (10-points).
On-site systems and the cloud-based CRM identity and access management policies.
Objective: One digital identity per individual including customer, supplier, contractor, employee,
administrators, management, third-party vendors. Any individual that will be accessing the system.
Goal: “The overarching goal of identity management is to grant access to the right enterprise assets to
the right users in the right context, from a user’s system onboarding to permission authorizations to the
offboarding of that use as needed in a timely fashion.”
Identity analytics (IA), allows the security team detection of and prevention of, risky identity behaviors
using rules, machine learning, and other things.
Authentication methods for verifying the identity of the user: includes username/passwords, twofactor authentication, digital certificates, hardware tokens, OTP’s one-time passwords, and smartcards,
Biometric authentication for mobile devices and IoT devices.
Tools and technologies approved for security and for identity and access management (but aren’t
limited to): Application programming interfaces (API’s) enables IAM for use with B2B commerce,
“password management tools, provisioning software, security-policy enforcement applications,
reporting and monitoring apps and identity repositories” such as Active Directory. Cloud-based systems
such as Microsoft office 365 and Sharepoint will also require identity and access management.
Software, services, and processes used for identity and access management: Identity as a service
(IDaaS)(cloud based), Identity management and governance (IMG), Risk-based authentication such as
two-factor authentication for high-risk users. Single factor authentication for low-risk users such as
username/password, single sign-on (SSO).
Policy: “Identify management systems should enable administrators to easily manage access privileges
for a variety of users, including on-site domestic employees and international off-site contractors; hybrid
compute environments that encompass on-premise computing, software as a service (SaaS) applications
for investment portfolios, sales, and accounts.”
The “Enterprise will use identity management to safeguard their information assets against the rising
threats of ransomware, criminal hacking, phishing, and other malware attacks.”
Rules and Regulations: “Government requires enterprises to care about the identity management of the
users. Regulations such as Sarbanes-Oxley, Gramm-Leach-Billey, and HIPPA hold organizations
accountable for controlling access to customer and employee information”. General Data Protection
Regulation (GDPR) requires strong security and user access controls. It mandates that organizations
safeguard the personal data and privacy of European Union citizens. It affects every company that does
business in EU countries and has European citizens as customers. NYDFS New York’s Department of
Financial Services regulates and requires for security operations of financial services companies that
operate in New York, including the need to monitor the activities of authorized users and maintain audit
logs.
Recommend cryptography and public critical infrastructure (PKI) uses which could be used to
increase security for these systems (10-points).
Cryptography and public key infrastructure Recommendations:
1.Digital signature: to be deployed on a mass scale. Supports the identity and access management
of senders/receivers
2.Encryption
3.Certificate authorities: issue the digital credentials that verify the end user
4.Digital Certificates: to be deployed on a mass scale. It Identifies the users that are sent encrypted
data and/or identify the receivers/signers’ information as well. Also, it protects the authenticity and
integrity of the certificate is imperative to maintain the trustworthiness of a system.
5.Device credentialing: for cloud based and internet-based devices
6.PKI parlance authenticates, confidentiality and integrity of transactions. This can be to
authenticate the user’s “subscribers”, embedded systems, connected devices, web servers and/or
program applications that are conducting business processes in an ecosystem.
7.Asymmetric cryptography: provides a public and private component. The public key can be
readily available to any person in a group for encryption or for verification of a digital signature. The
private key must be kept private to whom the entity belongs. It usually asks for a task like decryption
or for creating a digital signature.
8.Importance of PKI’s: can provide and sustain support for a very large corporation or enterprise. It
supports a larger number of applications, users and devices across the enterprise system. It comes
with a guarantee trust.
9.AES: Advanced Encryption Standard is a symmetric encryption algorithm and one of the most
secure.
10.3DES: Triple Data Encryption Standard, or 3DES, is a current standard, and it is a block cipher.
11.RSA: An asymmetric algorithm that uses a public-key cyptography to share data over an insecure
network.
REFERENCES:
DELL (2012) Enterprise Mobility Solutions Maximizing your mobile investment Retrieved from:
http://i.dell.com/sites/content/business/solutions/whitepapers/en/Documents/enterprise-mobilitysolutions.pdf
Martin, J., Waters, J. (2018 October 9) What is IAM? Identity and access management explained IAM
products provide IT managers with tools and technologies for controlling user access to critical
information within an organization. Retrieved from: https://www.csoonline.com/article/2120384/whatis-iam-identity-and-access-management-explained.html
Korzeniowski, P. (2019) 8 essential best practices for API security Retrieved from:
https://techbeacon.com/app-dev-testing/8-essential-best-practices-api-security
Thales

Don't use plagiarized sources. Get Your Custom Essay on
CMGT400 Week 2 Disaster Recovery and Business Continuity Plan Using the financial services scenario from the Week 2 Learning Team assignment, “Financial Se
Just from $13/Page
Order Essay

Purchase answer to see full
attachment

Homework On Time
Calculate the Price of your PAPER Now
Pages (550 words)
Approximate price: -

Why Choose Us

Top quality papers

We always make sure that writers follow all your instructions precisely. You can choose your academic level: high school, college/university or professional, and we will assign a writer who has a respective degree.

Professional academic writers

We have hired a team of professional writers experienced in academic and business writing. Most of them are native speakers and PhD holders able to take care of any assignment you need help with.

Free revisions

If you feel that we missed something, send the order for a free revision. You will have 10 days to send the order for revision after you receive the final paper. You can either do it on your own after signing in to your personal account or by contacting our support.

On-time delivery

All papers are always delivered on time. In case we need more time to master your paper, we may contact you regarding the deadline extension. In case you cannot provide us with more time, a 100% refund is guaranteed.

Original & confidential

We use several checkers to make sure that all papers you receive are plagiarism-free. Our editors carefully go through all in-text citations. We also promise full confidentiality in all our services.

24/7 Customer Support

Our support agents are available 24 hours a day 7 days a week and committed to providing you with the best customer experience. Get in touch whenever you need any assistance.

Try it now!

Calculate the price of your order

Total price:
$0.00

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Our Services

No need to work on your paper at night. Sleep tight, we will cover your back. We offer all kinds of writing services.

Essays

Essay Writing Service

You are welcome to choose your academic level and the type of your paper. Our academic experts will gladly help you with essays, case studies, research papers and other assignments.

Admissions

Admission help & business writing

You can be positive that we will be here 24/7 to help you get accepted to the Master’s program at the TOP-universities or help you get a well-paid position.

Reviews

Editing your paper

Our academic writers and editors will help you submit a well-structured and organized paper just on time. We will ensure that your final paper is of the highest quality and absolutely free of mistakes.

Reviews

Revising your paper

Our academic writers and editors will help you with unlimited number of revisions in case you need any customization of your academic papers