IT Security and Disaster Recovery Management

Submitted By nunez1795
Words 996
Pages 4
Trident University
Alfonso Nunez
Module 1 Case Assignment
ITM527: IT Security and Disaster Recovery Management
Dr. Kenneth Phillips
August 26, 2013

Introduction

The Malcolm Baldrige National Quality has evolved from a means of recognizing and promoting exemplary quality management practices to a comprehensive framework for world class performance, widely used as a model for improvement. As such, its underlying theoretical framework is of critical importance, since the relationships it portrays convey a message about the route to competitiveness. This paper will compare how two schools use the support related to the validity of the Baldrige framework by examining both schools' plans at the level of its theoretical constructs. By moving beyond the specific criteria, I seek to examine it in a larger context, how these schools and businesses in general can use it for strategic planning.

Baldrige and Plans

The Baldrige literature has been influential in providing guidance for achieving performance excellence in businesses. The Malcolm Baldrige National Quality Improvement, which embodies many elements from UC Berkeley and UC Boulder strategic IT plans, offers a framework for implementing a set of high-performance management practices, including customer orientation, business process management, and fact-based management. This framework points to the interconnections between information and analysis, process management, customer management, and performance management and acknowledges that the management of IT assets and information flows is a critical enabler of these schools' success. It directs attention to key organizational capabilities and processes that might mediate the links between information management capability and school performance. It seems from reading each university's strategic planning process that each one…...

Similar Documents

Disaster Recovery Paper

...Best Buy disaster plan Christian Jones Qazi Ali CIS 359 May 25, 2012 Abstract Through this paper I and my partner will be discussing a number of things about one of the biggest computer retail companies in the United States of America. First is that we will provide some background information on the Best Buy company such as how it came about and how it has evolved from the past and to the present date. Basically we will give up a little bit of information on the owner as well as the company itself. In addition, we will also cover some of the problems that we faced while developing this research paper. We will also cover some key points that we researched or were told about their disaster recovery plan. Also we provide solutions to their disaster recovery by pointing out some problems that they might face in the near future. We will also discuss how the plan will work in some cases and how it will not be as successful in other cases. Disaster Recovery for Best Buy A disaster is defined as an unexpected, unplanned catastrophic event that renders the Organization's ability to perform mission-critical and critical processes, including the ability to do normal production processing of systems that support critical business processes. A disaster could be the result of significant damage to a portion of the operations, a total loss of a facility, or the inability of the employees to access that facility. There were a lot of challenges that occurred during the development of......

Words: 1979 - Pages: 8

Disaster Recovery Plan

...Disaster Recovery Plan Kawa, Tonderai B. Fanshawe College INFO- 6027-02 Security Planning Defined Recovery Process: To insure the continuation of business at Sunnylake and secure accesses to the electronic medical records (EMRs) and insure a continued business through a disaster recovery plan that will be initiated with group 5 members. The plan has considered the Sunnylake hackers who have caused an access denied on EMRs so the DRP that is going to be implemented and will include management procedures and technology procedures to insure an on-time recovery. So the crisis being faced is hacked EMRs so doctors and nurses are at risk of medication errors and drug interactions, what was the most efficient method has become less reliable. Moreover if the recovery time takes longer there is little hope of reverting to EMRs. Some patients are receiving the wrong prescription due to a poor adjustment to the tedious and robust situation. Infrastructure (replace): Attempts for system restore, contemplating to pay ransom demanded by extortionist. Use of paper records as means of keeping patient and medication records and patients’ confidential information and doing filing as alternative means of record keeping. Whilst the hospital workstations being the major points of data entry. People (retain): The proactive participants and their role at Sunnylake; George Knudsen - (Chief of staff)...

Words: 933 - Pages: 4

Disaster Recovery

...continuity strategy, criticality prioritization, resource requirements
C. Criticality prioritization, downtime estimation, documenting the continuity strategy
D. Criticality prioritization, downtime estimation, resource requirements
Answer: D

5. Which of the following is the number-one priority for all Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs)?
A. The reduction of potential critical outages
B. The minimization of potential outages
C. The elimination of potential outages
D. The protection and welfare of employees
Answer: D

6. During which step of the BIA do implementers ensure that all critical business processes are identified and ranked?
A. Criticality prioritization
B. Defining the continuity strategy
C. Resource requirements
D. Downtime estimation
Answer: A

7. During the BCP process, which group directs the planning, implementation, and development of the test procedures?
A. Senior business unit management
B. BCP committee
C. Executive management staff
D. Functional business units
Answer: B

8. Concerns arose many years ago regarding the integrity of the international business dealings of U.S. corporations. Bribery, for instance, was not unheard of. Which 1977 law imposes civil and criminal penalties on organizations that fail to act responsibly?
A. U.S. Computer......

Words: 2152 - Pages: 9

Disaster Recovery Plan

...Disaster Recovery Plan: A Risk Management Strategy CIS 359 8/25/13 Professor Michelle Hansen

CEO; CISO; CIO; IT Procurement Specialist; IT Security Compliance Officer; IT Security Engineer

Needs to monitor compliance with the security directives, and overall policy to ensure IT effectiveness. Use results and feedback from various other sources to form a system budget enquiry that will help with financial planning. Helps ensure the program's uptake and success.

Privacy Security Professional; Security Manager

Need to ensure that awareness and training requirements are established within the organization’s position and ensure that staff receives effective professional development services. Can help identify training sources, evaluate vendor based and other training sources and aid in the development of awareness and other training materials. ...

Words: 1441 - Pages: 6

Disaster Recovery Plan

...State of Oklahoma Disaster Recovery Plan Template Version 1.0 31 October 2007

TABLE OF CONTENTS
DISASTER RECOVERY PLAN – DOCUMENT CHANGE CONTROL
EXECUTIVE SUMMARY
Overview
Recovery Statement Summary
Recovery Scenario #1: The Preferred Solution for a Total Data Center Loss
Recovery Strategies: Activities and Time Frames
Short-Term (2 to 3 Days):
Medium-Term (6 to 12 weeks):
Longer-Term (6 months to 2 years):
Recovery Scenario #2: The Strategy for Loss of a Critical System or Component
Summary
INTRODUCTION
INFORMATION SECURITY POLICY – DEFINITIONS & STATED REQUIREMENTS
8.2 Disaster Recovery Plan
8.3 Business Recovery Strategy
PLAN DISTRIBUTION
PLAN OBJECTIVES
PLAN ASSUMPTIONS
Definitions
PROCESSING ENVIRONMENT
Scope of Recovery
Environment Description
Essential Equipment
Disaster Recovery Scripts
RECOVERY PLAN ELEMENTS
1. Recovery Plan for Major Disasters
A. Detection and Reaction
B. Identifying the problem – Notifying the authorities
C. Establishing a Command Center
D. Reducing Exposure
2. Roles and Responsibilities
A. Management / Damage Assessment Team: Initial Response
B. Disaster Recovery Teams — Emergency Contact List
(AGENCY) FUNCTIONAL AREA MANAGERS
3. Recovery Plan for Major Disasters
A. Establishment of Full Recovery at Backup Site
B. Disaster Recovery Team Checklists
C. Restoration of Facilities and...

Words: 17396 - Pages: 70

Disaster Recovery Management Com-540-Mbol1

...University Disaster Recovery Management COM-540-MBOL1

Contents
Background
NIST SP 800-94
Intrusion Detection and Prevention Principles
Key Functions of IDPS Technologies
Detection Options
Types of IDPS Technologies
IDPS Technologies
Proper Installation
Testing and Deployment
Securing the IDPS
IDPS Updates
Building and Maintaining Skills – Additional Resources Required to Support
Using and Integrating Multiple IDPS Technologies
Review of the IDPS Marketplace
Comparison of IPS Products
Summary

Background

The National Institute of Standards and Technology commonly known and referred to as NIST, is a government funded agency. NIST defines their mission statement as “NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.” (NIST General Information, 2014). NIST is involved in mostly every area of Information Technology from the latest Trusted Identity (Leithauser & Curran, 2012) standards formatting to the handling and processing of DNA (DNA research, 2013). In recent years the President of the United States signed a Memorandum implementing a Digital Government Strategy. The government recognizing mobile device vulnerabilities and the high risk of data loss assigned NIST to implement IDS and other security standards. In a recent Mobile Security Report......

Words: 2456 - Pages: 10

It Security and Disaster Recovery Management

...IT Security and Disaster Recovery Management Every company or organization must be aware of all the risks that can occur. In order to do this, a risk assessment must be conducted. In the military, I must work to provide information to my leadership in order for them to assess a risk or threat from occurring. By understanding the risk assessment process it will provide a guideline on the thought process it will take in order to assess the risks within my organization. The risk assessment process provides an idealistic view of how senior leaders and executive will utilize information in determining their decisions on determining the appropriate course of action in response to a threat (NIST, 2011). The first component in a risk assessment process is to create a frame for a risk. This means that the senior leaders must come up with established guidelines as to how threats will be dealt with on every level within the organization. The second component is to assess the risk or threat. In order to do this, three sets of information must be gathered; what is the immediate threat, what the impact on the organization is, and what vulnerabilities will be affected by the threat. The third component is the process to respond to a risk. This is where senior leadership and the organization’s executives must determine the course of action in order to respond or counteract against a threat. The fourth component of the risk assessment process is to monitor the risk. This is......

Words: 774 - Pages: 4

Disaster Recovery

...Disaster recovery plans allows and gives the opportunity to a business to be able to recoup from any number of disasters, whether it may be a natural disaster or a fault of equipment to include power loss. These plans can be fairly basic with a goal and summary of what is to happen in the event of a disaster, to intensely involved and well spelled out plans that break down the summary, personal, intent, goal, and a timeline of events to follow. While disasters are unforeseen events that a business may never see or have to implement their plan, it allows them to be setup for success if it were to happen and not be doomed for failure in hopes of it not being a possibility. For this report, contact was made with Richmond County in Augusta Georgia to their IT department to discuss their disaster recovery plan. Some organizations are well equipped and have staffed members that specialize and have sole intent on being the disaster recovery planner and implementer. Others may contract out to other businesses to provide support and guidance on the matter. In this case, Richmond County has looked to a company called intelliSystems to provide hands-on assistance in their disaster recovery plan. IntelliSystems is a local company to the area with a mission to help “many businesses rid themselves of technology worries so that they can concentrate on growing their businesses and realizing their goals” (intelliSystems, 2015). They do this by providing key areas of: Microsoft Small......

Words: 646 - Pages: 3

Disaster Recovery Plan

...Disaster Recovery Plan Saphia Christopher Strayer University CIS 462 Dr. Basta An IT disaster recovery plan provides step-by-step procedures for recovering disrupted systems and networks, to help them resume normal operations. The goal of these processes is to minimize any negative impacts to company operations. The IT disaster recovery process identifies critical IT systems and networks; prioritizes their recovery time objective; and delineates the steps needed to restart, reconfigure, and recover them. A comprehensive IT DR plan also includes all the relevant supplier contacts, sources of expertise for recovering disrupted systems and a logical sequence of action steps to take for a smooth recovery (Kirvan, 2009). The following Disaster Recovery Plan has been put together for the mock company which will be named ABC Technologies. The information contained in the DRP is partially real information from my current employer and other parts are made up. This is in response to my current firm’s policy against the dissemination of proprietary information. Information Technology Statement of Intent This document delineates our policies and procedures for technology disaster recovery, as well as our process-level plans for recovering critical technology platforms and the telecommunications infrastructure. This document summarizes our recommended procedures. In the event of an actual emergency......

Words: 2966 - Pages: 12

Disaster Recovery Plan

...estimation, resource requirements, defining the continuity strategy
B. Defining the continuity strategy, criticality prioritization, resource requirements
C. Criticality prioritization, downtime estimation, documenting the continuity strategy
D. Criticality prioritization, downtime estimation, resource requirements

5. Which of the following is the number-one priority for all Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs)?
A. The reduction of potential critical outages
B. The minimization of potential outages
C. The elimination of potential outages
D. The protection and welfare of employees

6. During which step of the BIA do implementers ensure that all critical business processes are identified and ranked?
A. Criticality prioritization
B. Defining the continuity strategy
C. Resource requirements
D. Downtime estimation

7. During the BCP process, which group directs the planning, implementation, and development of the test procedures?
A. Senior business unit management
B. BCP committee
C. Executive management staff
D. Functional business units

8. Concerns arose many years ago regarding the integrity of the international business dealings of U.S. corporations. Bribery, for instance, was not unheard of. Which 1977 law imposes civil and criminal penalties on organizations that fail to act responsibly?
A. U.S. Computer Act
B. Gramm-Leach-Bliley Act
C. FCPA
D. HIPAA

9. During a BIA, a vulnerability......

Words: 5034 - Pages: 21

Disaster Recovery Plan

...Disaster Recovery Plans   The headquarters of Hill Crest Corporation, a private company with $15.5 million in annual sales, is located in California. Hill Crest provides for its 150 clients an online legal software service that includes data storage and administrative activities for law offices. The company has grown rapidly since its inception 3 years ago, and its data processing department has expanded to accommodate this growth. Because Hill Crest’s president and sales personnel spend a great deal of time out of the office soliciting new clients, the planning of the IT facilities has been left to the data processing professionals. Hill Crest recently moved its headquarters into a remodeled warehouse on the outskirts of the city. While remodeling the warehouse, the architects retained much of the original structure, including the wooden-shingled exterior and exposed wooden beams throughout the interior. The minicomputer distributive processing hardware is situated in a large open area with high ceilings and skylights. The openness makes the data processing area accessible to the rest of the staff and encourages a team approach to problem solving. Before occupying the new facility, city inspectors declared the building safe; that is, it had adequate fire extinguishers, sufficient exits, and so on. In an effort to provide further protection for its large database of client information, Hill Crest instituted a tape backup procedure that automatically backs up the......

Words: 860 - Pages: 4

Exam Disaster Recovery Plan

...estimation, resource requirements, defining the continuity strategy
B. Defining the continuity strategy, criticality prioritization, resource requirements
C. Criticality prioritization, downtime estimation, documenting the continuity strategy
D. Criticality prioritization, downtime estimation, resource requirements

5. Which of the following is the number-one priority for all Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs)?
A. The reduction of potential critical outages
B. The minimization of potential outages
C. The elimination of potential outages
D. The protection and welfare of employees

6. During which step of the BIA do implementers ensure that all critical business processes are identified and ranked?
A. Criticality prioritization
B. Defining the continuity strategy
C. Resource requirements
D. Downtime estimation

7. During the BCP process, which group directs the planning, implementation, and development of the test procedures?
A. Senior business unit management
B. BCP committee
C. Executive management staff
D. Functional business units

8. Concerns arose many years ago regarding the integrity of the international business dealings of U.S. corporations. Bribery, for instance, was not unheard of. Which 1977 law imposes civil and criminal penalties on organizations that fail to act responsibly?
A. U.S. Computer Act
B. Gramm-Leach-Bliley Act
C. FCPA
D. HIPAA

9. During a BIA, a vulnerability......

Words: 5032 - Pages: 21

Disaster Recovery at Marshall Field’s

...Case 1 Disaster Recovery at Marshall Field’s (Another Chicago River Story) Early in the morning on April 13, 1992, basements in Chicago’s downtown central business district began to flood. A hole the size of an automobile had developed between the river and an adjacent abandoned tunnel. The tunnel, built in the early 1900s for transporting coal, runs throughout the downtown area. When the tunnel flooded, so did the basements connected to it, some 272 in all, including that of major retailer Marshall Field’s. The problem was first noted at 5:30 A.M. by a member of the Marshall Field’s trouble desk who saw water pouring into the basement. The manager of maintenance was notified and immediately took charge. His first actions were to contact the Chicago Fire and Water Departments, and Marshall Field’s parent company, Dayton Hudson in Minneapolis. Electricity—and with it all elevator, computer, communication, and security services for the 15-story building—would soon be lost. The building was evacuated and elevators were moved above basement levels. A command post was quickly established and a team formed from various departments such as facilities, security, human resources, public relations, and financial, legal, insurance, and support services. Later that day, members of Dayton Hudson’s risk management group arrived from Minneapolis to take over coordinating the team’s efforts. The team initially met twice a week to evaluate progress as the store recovered.......

Words: 713 - Pages: 3

Disaster Recovery

...retained. Often some of these backups are removed from the site for safekeeping and disaster recovery purposes. RTO - The recovery time objective (RTO) is the targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity.[1] It can include the time for trying to fix the problem without a recovery, the recovery itself, testing, and the communication to the users. Decision time for users representative is not included. RPO - The recovery point objective (RPO) is the age of files that must be recovered from backup storage for normal operations to resume if a computer, system, or network goes down as a result of a hardware, program, or communications failure. Cold Site - A cold site is a similar type of disaster recovery service that provides office space, but the customer provides and installs all the equipment needed to continue operations. A cold site is less expensive, but it takes longer to get an enterprise in full operation after the disaster. Warm Site - A warm backup site is already stocked with hardware representing a reasonable facsimile of that found in your data center. To restore service, the last backups from your off-site storage facility must be delivered, and bare metal restoration completed, before the real work of recovery can begin. Hot Site - Hot backup sites have a virtual mirror image of your......

Words: 369 - Pages: 2

Disaster Recovery Plan

...after 47 hours from the airplane impact at the WTC. The reason: * A well conceived DRP; * A skillful execution of the DRP, with people working on adrenaline and reacting on instincts. DRP – based on several mirror sites. Triangular architecture: WTC – Rochelle Park – London. The significant loss of lives made recovery from this event especially difficult. Sources (moving forward): http://www.baselinemag.com/c/a/Business-Intelligence/Pop-Culture/ From day one, Rochelle Park was seen as a concurrent system, not a disaster-recovery site. The shift was driven by eSpeed's role as the largest player in electronic bond-trading, which meant uninterrupted service was an imperative. The nondescript building in a blue-collar town was perfect—a former telecom facility across from another telecom building. Systems alternated between the trade center and the mirror site, with particular products (e.g., zero coupon bonds) running live for a month at one location and then switching to the other; about half of the company's approximately 40 products were live at each location at any given time. "In that sense we had run our disaster-recovery tests the day before," says Noviello. The mirror site and the World Trade Center were connected by a high-speed optical line, over which eSpeed linked the storage area networks at each site. Sybase data-replication software mirrored critical databases between the sites. Half of the company's Microsoft Exchange e-mail servers......

Words: 2816 - Pages: 12
