Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Final Project
Trisha Rose
University of Advancing Technology
Business Continuity/Disaster Recovery
NTW 440
Kevin McLaughlin
November 09, 2012
FINAL PROJECT
Table of Contents
Risk Assessment..................................................................................................... 3
Program Process or Business Practice: Servers...............................................3
Program Process or Business Practice: Server Room......................................3
Program Process or Business Practice: Internet Access..................................4
Program Process or Business Practice: Email Access......................................4
Program Process or Business Practice: Firewall + anti-virus...........................5
Program Process or Business Practice: Router................................................5
Program Process or Business Practice: Guest access......................................6
Program Process or Business Practice: backup...............................................6
Business Impact Analysis...................................................................................... 7
Unit: Registration Services..................................................................................... 7
Unit: Financial Services.......................................................................................... 7
Unit: Human Resources.......................................................................................... 8
System Data & Sensitivity Classification............................................................8
Process ID: RS-01.................................................................................................. 8
Process ID: FS-02.................................................................................................. 9
Process ID: HR-03................................................................................................. 9
IT System Inventory & Definition.......................................................................10
Process ID: FS-02...................................................................................................... 10
Emergency Response Teams............................................................................................. 11
Data Recovery Team This team is put together to manage all data recovery for Rose University....11
Physical Damage Crisis Team........................................................................................ 11
People Management Team............................................................................................. 11
Financial Management Team.......................................................................................... 12
FINAL PROJECT
3
Final Project
Risk Assessment
Program Process or Business Practice: Servers
Information Type/Sensitivity Level: Information is stored digitally on TB Towers. Various
types of information are stored from student and faculty information to financial information.
Associated Risks: The servers could get backed up or shut down. The impact would slow down
or stop workflow. The servers are vulnerable through the firewall.
Examples of Current Controls: A firewall and restricted user access are in place to help
mitigate potential risks
Determination of the Effectiveness of this control currently in place: Yes
Regulation or Standard Referred to: none
Next Action; require by whom and when: controls for all unused ports to be closed by the
network administrators to be completed by the end of the week.
FINAL PROJECT
FINAL PROJECT
FINAL PROJECT
Program Process or Business Practice: Guest access
Information Type/Sensitivity Level: allows anyone to access a computer or internet on the
network with guest privileges.
Associated Risks: someone could use that privilege to hack the system. Student and faculty
information could be stolen and the reputation of the school would be ruined.
Examples of Current Controls: guest access is disabled. A username and password is required
for access and provided to every faculty member and student.
Determination of the Effectiveness of this control currently in place: Yes
Regulation or Standard Referred to: None
Next Action; require by whom and when: None
FINAL PROJECT
Activity (Type of Data): Registration for new students
Activity Owner: Tiffany George
Degree of Impact: 2
Political or Sensitivity: 1
Financial Cost: 2
Probability of Loss: 3
Overall Weight: 2
FINAL PROJECT
Probability of Loss: 3
Overall Weight: 2.25
FINAL PROJECT
FINAL PROJECT
10
Physical Damage Crisis Team This team is in charge of managing all physical damage done
and ensuring that all damage is repaired and taken care of.
FINAL PROJECT
11
People Management Team This team is in place to make sure everyone that may have been
affected by the crisis is taken care whether it is someone who needs someone to talk to or
someone who needs medical attention.
Financial Management Team This team is meant to take care of all finances surrounding the
crisis and ensure the other teams have the money needed to perform their team duties.