



Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Instructions for developing a security policy and a disaster recovery plan for EMC Cloud. A security policy is a set of rules and procedures to maintain the confidentiality, integrity, and availability of systems and information. A disaster recovery plan ensures business continuity in the event of a disaster. The document also discusses the role of different groups in implementing security audit recommendations.
Typology: Assignments
1 / 5
This page cannot be seen from the preview
Don't miss anything!




E. Activity 4 I. Develop a security policy for EMC Cloud to minimize exploitations and misuses while evaluating the suitability of the tools used in an organizational policy. A security policy is a set of rules and procedures that employees must follow regarding the security of an organization's assets and resources. An appropriate security policy helps maintain strong security within the organization. The goal of a security policy is to maintain the confidentiality, integrity, and availability of systems and information used by members of an organization. CID triad: CID triad is a model designed to guide policies for information security within an organization. The model is also sometimes referred to as the AIC triad (availability, integrity and confidentiality) to avoid confusion with the Central Intelligence Agency. Although elements of the triad are three of the most foundational and crucial cybersecurity needs, experts believe the CIA triad needs an upgrade to stay effective. Confidentiality ………………………. Integrity ……………………………….. Availability …………………………………………………………… Security Policy Why we need Security Policy? A security policy contains pre-approved organizational procedures that tell you exactly what you need to do in order to prevent security problems and next steps if you are ever faced with a data breach. Security problems can include: Confidentiality – people obtaining or disclosing information inappropriately. Data Integrity – information being altered or erroneously validated, whether deliberate or accidental. Availability – information not being available when it is required or being available to more users than is appropriate. All good policies have: Purpose : Clear goals and expectations of the policy.
Policy Compliance: Federal and State regulations might drive some requirements of a security policy, so it’s critical to list them. Last Tested Date: Policies need to be a living document and frequently tested and challenged. Policy Last Updated Date: Security policy documents need to be updated to adapt to changes in the organization, outside threats, and technology. Contact: Information security policies are supposed to be read, understood and followed by all individuals within an organization and so if there are questions, there needs to be an owner. II. Develop and present a disaster recovery plan for EMC Cloud for its all venues to ensure maximum uptime for its customers. A disaster recovery plan is a plan that covers how to continue their organizational processes even after a catastrophic situation. Every organization faces dire situations at some point in its business life. To successfully deal with the situation, the organization must have a plan. Disasters can be natural disasters, technological errors and human consequences. A disaster recovery plan (DRP), disaster recovery implementation plan, or IT disaster recovery plan is a recorded policy and/or process that is designed to assist an organization in executing recovery processes in response to a disaster to protect business IT infrastructure and more generally promote recovery. The purpose of a disaster recovery plan is to comprehensively explain the consistent actions that must be taken before, during, and after a natural or man-made disaster so that the entire team can take those actions. A disaster recovery plan should address both man-made disasters that are intentional, such as fallout from terrorism or hacking, or accidental, such as an equipment failure.
1. Things must include in DRP: **……………………………………
The fifth and final step of your internal security audit? For each threat on your prioritized list, determine a corresponding action to take. Eliminate the threat where you can, and mitigate and minimize everywhere else. You can think of this as a to-do list for the coming weeks and months. ii. Tools Before beginning with the process of security audits with tools, it is important to use the right set of tools. Kali Linux is one such OS that is customized and contains a bundle of tools to conduct a security audit. This OS can be used by installing on a separate machine or making the present machine dual- booted or on a virtual machine.