
Cybersecurity Disaster Recovery Plan

What is a Disaster Recovery Plan?
- A documented plan designed to maintain normal day-to-day operations in the event of a disaster that affects an organization’s IT infrastructure.
- A Disaster Recovery Plan (DRP) tells the employees and members of the organization what to do in case of an IT emergency.
- The DRP is an integral part of a company’s Business Continuity Plan.
- A DRP often defines key IT assets, threats, and disaster scenarios.
- A DRP should be used to preserve a company’s confidentiality, integrity and availability.

Why should all companies have a Disaster Recovery Plan in place?
- To reduce the amount of damage the company sustains from a disaster.
- To prepare and educate the workers or organization for a disaster.
- To inform employees and members of disaster protocols.
- To reduce the amount of decision making done in the midst of a disaster.
- To drastically reduce the risk of delays and interruptions in business operations.

What should be included in a Disaster Recovery Plan?
- An updated recall roster that includes employees’ names, contact information, and position in the company.
- A detailed chart that defines each employee’s role if a disaster were to occur.
- A detailed step-by-step disaster recovery script.
- A documented, up-to-date risk assessment outlining the elements needed in order to ensure maintenance of the company’s daily operations (this should also include a current network diagram).
- A detailed list of vendors that includes contact information.
- A list of any backup sites such as hot sites, warm sites and cold sites.

What it is:
- The Stuxnet virus is labeled the most complex weapon in cyber warfare to date. Norton Symantec stated “It’s like nothing we’ve seen before – both in what it does, and how it came to exist. It is the first computer virus to be able to wreak havoc in the physical world (The Stuxnet Worm, 2011).”

How it works:
- A form of malware, or malicious software, that has over 1500 lines of code embedded in it, the Stuxnet worm has the ability to infect computer systems with a Microsoft Windows operating system, lying undetected and replicating itself until it finds its true target. After the worm’s target is acquired, it causes the targeted equipment to raise its rate of rotation per minute to a dangerously high speed, consequently causing the target to rip itself apart.

The threat:
- This worm is most dangerous because of its ability to break the target’s integrity by making the control software report false positives and causing the equipment to appear as though it is working correctly.

- Target: PLC device and software located in a specific device on a standalone network at the Iranian nuclear facilities.
- Operating systems affected: Windows OS and software made by Siemens that controlled the RPM of hardware in the nuclear facilities.
- How it worked: Raised the speed of rotations on the hardware, causing the rotors to spin extremely fast and eventually forcing the system to spiral out of control. As this was occurring, the worm began to complete the job it was designed to do by causing software checks to look as if the hardware was working properly and taking over the controls for the system kill switch.
- Access point: Someone at the facility placed an infected USB flash drive into a computer on the standalone network.

The Stuxnet virus was spread to the standalone network via a USB flash drive, so the best way to prevent the virus from getting on the network would have been to disable the USB port on the computer itself. Three ways of disabling USB are:
1. Physically disabling the wire from the computer’s motherboard.
2. Disabling the USB using Microsoft.
3. Disabling the USB using 3rd party software.

Physically disabling the wire from the computer’s motherboard through disconnection
- Disconnecting the USB wire from the motherboard would require the services of a skilled technician.
- This is a potentially time-consuming process, depending on how many systems need to be disconnected. The computer may have to be down for some time, and this would affect the system’s availability.

Physically disabling the wire from the computer’s motherboard through wire cutting
- Another way of physically disconnecting the USB from the motherboard is to cut the wires that connect the USB port to the motherboard.
- This method should also be done by a skilled technician to avoid cutting the wrong wire and corrupting the entire system.

Pros and Cons of physically disabling the USB ports

Pros
- The Stuxnet worm no longer has an entry point for the system.
- The USB can be reconnected and function just as before at a later time.

Cons
- The trade-in value of the system can be ruined.
- The system will be forced to use PS/2 mice and keyboards as its source of input.

Disabling the USB using Microsoft

The following methods can be used to disable the USB using Microsoft:
- Using the registry in Microsoft.
- Using the group policy in Microsoft.
- Disabling it from the BIOS.

Disabling the USB ports using the registry requires the services of a technician with vast knowledge of Microsoft’s operating system. Entering the wrong value during this process can change unaffected portions of the operating system thereby impeding the processing of the OS.

Granting or limiting access to USB ports requires the rights of a systems administrator, which include read and write rights to the Group Policy Object Editor. This is a fairly easy process, but an updated access control list should be used to ensure the person being added actually requires the level of permissions being granted.

This method results in decreased confidentiality and security, as it allows anyone to disable and enable the USB port as long as the BIOS does not require a password.
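The registry and group policy methods above, as an added PowerShell example that is not part of the original presentation: it audits and then disables USB mass storage through the USBSTOR driver service's Start value and the Deny_All policy value for removable storage. Both settings block USB storage devices only, not the port itself, so USB keyboards and mice keep working; the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and disable USB mass storage on a Windows host.
# USBSTOR is the Windows USB mass-storage driver service: Start = 3 loads it
# on demand, Start = 4 disables it. HID devices (keyboard, mouse) are unaffected.
$UsbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
# Registry location written by the Group Policy setting
# "All Removable Storage classes: Deny all access".
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

function Get-UsbStorageState {      # hypothetical helper name
    $start = (Get-ItemProperty -Path $UsbStorKey -Name Start -ErrorAction SilentlyContinue).Start
    $deny  = (Get-ItemProperty -Path $PolicyKey -Name Deny_All -ErrorAction SilentlyContinue).Deny_All
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        UsbStorStart   = $start
        DriverDisabled = ($start -eq 4)
        PolicyDenyAll  = ($deny -eq 1)
    }
}

function Disable-UsbStorage {       # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $before = Get-UsbStorageState
    if ($PSCmdlet.ShouldProcess($UsbStorKey, 'Set Start = 4')) {
        # Log the old value so the change can be reversed later.
        Write-Verbose "Previous USBSTOR Start value: $($before.UsbStorStart)"
        Set-ItemProperty -Path $UsbStorKey -Name Start -Value 4 -Type DWord
    }
    if ($PSCmdlet.ShouldProcess($PolicyKey, 'Set Deny_All = 1')) {
        if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
        Set-ItemProperty -Path $PolicyKey -Name Deny_All -Value 1 -Type DWord
    }
    Get-UsbStorageState             # return the state after the change
}

Get-UsbStorageState                 # audit only, changes nothing
Disable-UsbStorage -WhatIf          # show what would be written, without writing
```

On domain-joined machines the policy value should be set through a Group Policy Object rather than a local registry write, since domain policy refresh overwrites local edits under the Policies key.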

IceDeep, Inc. MYUSBONLY
- 3rd party software that protects against all USB cyber attacks.
- Blocks all USB ports except trusted USB storage devices.
- Logs all USB devices plugged into the system and logs what the USB is being used to do (i.e. uploading a document to the computer).
- Can run undetected or in plain sight to be used as a deterrence.
security-device-control/

NirSoft USBDEVIEW
- 3rd party software that can disable and enable USB devices.
- Can obtain all information about a USB device that is plugged into a system that has USBDEVIEW on it (i.e. the USB device’s vendor ID, product ID, etc.).
- Keeps track of the USB devices plugged into the system.
- Assists with digital forensics after a cybercrime is committed.
- Can also be used and accessed remotely.
ices_view.html

- 3rd party software that can provide detailed data forensics needed after a cyber attack.
- Gives groups the right to access USB ports and grants permissions based on an updated access control list and device whitelist.
- Can allow USB devices read-only access.
- Can be programmed to let users have USB access on a schedule by date and time.
- Permissions are still enforced if the system is off the network.
- Adds an extra layer of protection to defend against malware.
- Provides media encryption.
- Runs detailed reports about access to data files.
- Monitors port access.
- Discovers what devices are attempting to access USB ports and where.
software/usb-security-protection/overview.aspx

Pros and Cons of using 3rd party software to disable the USB ports

Pros
- Seems easy to use.
- Software controls are usually easy to access.
- Generally saves time.
- User-friendly and takes effect much sooner than manually disabling the USB port.

Cons
- May come with its own set of vulnerabilities.
- Can be costly to a company; the company should complete a risk assessment to see if it is worth the cost.
- The technician needs to be properly trained, and that could cost the company man-hours.
- Can be hacked and manipulated to perform malicious functions.

Disabling the USB ports is the best way to stop a Stuxnet virus from reaching a standalone system. Depending on the size of the company, I would use a 3rd party software to disable the USB ports. They are less time consuming, and time is of the essence when working with a large company. The 3rd party software I would use would be Lumension Device Control for the following reasons:
- It uses an access control list which keeps the confidentiality of the system by not letting people without proper permission access USB ports.
- The software can also control the availability of when people can have access to the USB ports on the system.

References
- How can I prevent users from connecting to a USB storage device? (n.d.). Retrieved from usersdevice
- Solutions. (n.d.). Retrieved from device-control/
- The Stuxnet Worm. (n.d.). Retrieved from
- USB storage devices: Two ways to stop the threat to network security. (n.d.). Retrieved from devices-Two-ways-to-stop-the-threat-to-network-security USB storagenetwork security
- View any installed/connected USB device on your system. (n.d.). Retrieved from