Security Policy and Disaster Recovery Plan Development for EMC Cloud, Assignments of Computer Science

Instructions for developing a security policy and a disaster recovery plan for EMC Cloud. A security policy is a set of rules and procedures to maintain the confidentiality, integrity, and availability of systems and information. A disaster recovery plan ensures business continuity in the event of a disaster. The document also discusses the role of different groups in implementing security audit recommendations.

Typology: Assignments

2021/2022

Uploaded on 11/20/2022

hoang-tran-13

E. Activity 4

I. Develop a security policy for EMC Cloud to minimize exploitations and misuses while evaluating the suitability of the tools used in an organizational policy.

A security policy is a set of rules and procedures that employees must follow regarding the security of an organization's assets and resources. An appropriate security policy helps maintain strong security within the organization. The goal of a security policy is to maintain the confidentiality, integrity, and availability of systems and information used by members of an organization.

CIA triad:

The CIA triad is a model designed to guide policies for information security within an organization. The model is also sometimes referred to as the AIC triad (availability, integrity and confidentiality) to avoid confusion with the Central Intelligence Agency. Although the elements of the triad are three of the most foundational and crucial cybersecurity needs, experts believe the CIA triad needs an upgrade to stay effective.

- Confidentiality ……………………….
- Integrity ………………………………..
- Availability ……………………………………………………………

Security Policy

Why do we need a security policy?

A security policy contains pre-approved organizational procedures that tell you exactly what you need to do in order to prevent security problems, and the next steps to take if you are ever faced with a data breach.

Security problems can include:

- Confidentiality – people obtaining or disclosing information inappropriately.
- Data Integrity – information being altered or erroneously validated, whether deliberate or accidental.
- Availability – information not being available when it is required or being available to more users than is appropriate.

All good policies have:

- Purpose: Clear goals and expectations of the policy.

- Policy Compliance: Federal and State regulations might drive some requirements of a security policy, so it's critical to list them.
- Last Tested Date: Policies need to be a living document and frequently tested and challenged.
- Policy Last Updated Date: Security policy documents need to be updated to adapt to changes in the organization, outside threats, and technology.
- Contact: Information security policies are supposed to be read, understood and followed by all individuals within an organization, so if there are questions, there needs to be an owner.

II. Develop and present a disaster recovery plan for EMC Cloud for all its venues to ensure maximum uptime for its customers.

A disaster recovery plan covers how an organization continues its processes even after a catastrophic situation. Every organization faces dire situations at some point in its business life. To deal with the situation successfully, the organization must have a plan. Disasters can be natural disasters, technological errors, or the consequences of human actions.

A disaster recovery plan (DRP), disaster recovery implementation plan, or IT disaster recovery plan is a recorded policy and/or process designed to assist an organization in executing recovery processes in response to a disaster, to protect business IT infrastructure and, more generally, to promote recovery.

The purpose of a disaster recovery plan is to comprehensively explain the consistent actions that must be taken before, during, and after a natural or man-made disaster so that the entire team can take those actions. A disaster recovery plan should address man-made disasters that are intentional, such as fallout from terrorism or hacking, as well as those that are accidental, such as an equipment failure.

1. Things that must be included in a DRP: ……………………………………

   1. Recovery Time Objective (RTO) and Recovery Point Objective (RPO) ………………………………………………….
   2. Hardware and Software Inventory …………………………………………………..
   3. Identify Personnel Roles …………………………………………………………
   4. List of Disaster Recovery Sites …………………………………………………………….
   5. Remote Storage of Physical Documents and Storage Media ………………………………………………………………..
1. Types of IT Security Audit

There is more than one way to categorize an IT security audit. Generally, audits are categorized on the basis of approach, methodology, etc. Some of the common categorizations are:

i. Approach Based

- Black Box Audit: ………………………………….
- White Box Audit: ………………………………..
- Grey Box Audit: ……………………………………..

ii. Methodology Based

- Penetration Tests: …………………………………
- Compliance Audits: ……………………………………
- Risk Assessments: ………………………………..
- Vulnerability Tests: ………………………………………….
- Due Diligence Questionnaires: ………………………………………..

2. How to conduct an IT security audit for your business?

i. A security audit can be performed in 5 steps:

   1. Assess your assets …………………………………
   2. Identify threats …………………………………………….
   3. Evaluate current security ………………………………………..
   4. Assign risk scores ………………………………………………….. Here are other factors to consider:
      - Current cybersecurity trends: What is the current method of choice for hackers? What threats are growing in popularity and which are becoming less frequent? Learn cybersecurity predictions and observations from a white hat hacker herself.
      - Industry-level trends: What types of breaches are the most prevalent in your industry?
      - Regulation and compliance: Are you a public or private company? What kind of data do you handle? Does your organization store and/or transmit sensitive financial or personal information? Who has access to what systems? The answers to these questions will have implications for the risk score you assign to certain threats and the value you place on particular assets.
   5. Build your plan

The fifth and final step of your internal security audit? For each threat on your prioritized list, determine a corresponding action to take. Eliminate the threat where you can, and mitigate and minimize everywhere else. You can think of this as a to-do list for the coming weeks and months.

ii. Tools

Before beginning a security audit, it is important to choose the right set of tools. Kali Linux is one such OS: it is customized and contains a bundle of tools for conducting a security audit. It can be installed on a separate machine, set up as a dual boot on the present machine, or run in a virtual machine.

  1. Recon Dog ………………………………………………………
  2. Nmap ………………………………………………………
  3. Nikto ………………………………………………………….
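
The five audit steps described above (assess assets, identify threats, evaluate current security, assign risk scores, build the plan) can be carried through as a small risk register. This is an added example, not part of the original assignment; the asset names, threats, rating scales and the scoring formula (asset value x likelihood x uncovered share) are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Threat:
    name: str
    asset: str
    likelihood: int          # step 2: 1 (rare) .. 5 (expected)
    control_strength: float  # step 3: 0.0 (no control) .. 1.0 (fully covered)
    removable: bool          # can the exposure be eliminated outright?

# Step 1: assets rated by business value, 1 (low) .. 5 (critical). Constructed data.
ASSETS = {"customer-db": 5, "public-website": 3, "build-server": 4}

# Steps 2-3: constructed sample threats with their current-control rating.
THREATS = [
    Threat("Unpatched CMS plugin", "public-website", 4, 0.2, False),
    Threat("Legacy FTP service left enabled", "build-server", 3, 0.0, True),
    Threat("Backup media stored unencrypted", "customer-db", 2, 0.5, False),
    Threat("Shared admin account", "customer-db", 3, 0.9, True),
]

def risk_score(threat, assets):
    """Step 4 (assumed formula): asset value x likelihood x (1 - control strength)."""
    if threat.asset not in assets:
        raise KeyError(f"{threat.name!r} references unknown asset {threat.asset!r}")
    if not (1 <= threat.likelihood <= 5 and 0.0 <= threat.control_strength <= 1.0):
        raise ValueError(f"rating out of range for {threat.name!r}")
    value = assets[threat.asset]
    return round(value * threat.likelihood * (1 - threat.control_strength), 2)

def build_plan(threats, assets):
    """Step 5: prioritized to-do list; eliminate where possible, mitigate elsewhere."""
    plan = [
        {
            "score": risk_score(t, assets),
            "threat": t.name,
            "asset": t.asset,
            "action": "eliminate" if t.removable else "mitigate",
        }
        for t in threats
    ]
    return sorted(plan, key=lambda row: row["score"], reverse=True)

if __name__ == "__main__":
    for row in build_plan(THREATS, ASSETS):
        print(f"{row['score']:>5}  {row['action']:<9}  {row['threat']} ({row['asset']})")
```

A threat that references an asset missing from the inventory raises an error instead of being scored, which catches gaps in step 1 before the plan is built.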